Zebedee Malformed Protocol Option Header Port 0 Remote DoS

Severity: Medium. Nessus Plugin ID: 19606

Synopsis

The remote tunneling service is prone to a denial of service attack.

Description

The version of Zebedee installed on the remote host will crash if it receives a request for a connection with a destination port of 0. By exploiting this flaw, an attacker could cause the affected application to fail to respond to further requests.

Solution

Upgrade to Zebedee 2.4.1A / 2.5.3 or later.

See Also

https://www.securityfocus.com/archive/1/410157/30/0/threaded

http://sourceforge.net/mailarchive/forum.php?thread_id=8134987&forum_id=2055

Plugin Details

Severity: Medium

ID: 19606

File Name: zebedee_port0_dos.nasl

Version: 1.23

Type: remote

Published: 9/10/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/9/2005

Reference Information

CVE: CVE-2005-2904

BID: 14796