CVE-2003-0858 - Resource Management Errors vulnerability in multiple products
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-415.NASL
- description: Two vulnerabilities were discovered in zebra, an IP routing daemon :
  - CAN-2003-0795 - a bug in the telnet CLI could allow a remote attacker to cause a zebra process to crash, resulting in a denial of service.
  - CAN-2003-0858 - netlink messages sent by other users (rather than the kernel) would be accepted, leading to a denial of service.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15252
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15252
- title: Debian DSA-415-1 : zebra - denial of service
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-415. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15252);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2003-0795", "CVE-2003-0858");
  script_bugtraq_id(9029);
  script_xref(name:"DSA", value:"415");

  script_name(english:"Debian DSA-415-1 : zebra - denial of service");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Two vulnerabilities were discovered in zebra, an IP routing daemon :

  - CAN-2003-0795 - a bug in the telnet CLI could allow a
    remote attacker to cause a zebra process to crash,
    resulting in a denial of service.

  - CAN-2003-0858 - netlink messages sent by other users
    (rather than the kernel) would be accepted, leading to
    a denial of service."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2004/dsa-415"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"For the current stable distribution (woody) this problem has been
fixed in version 0.92a-5woody2.

The zebra package has been obsoleted in the unstable distribution by
GNU Quagga, where this problem was fixed in version 0.96.4x-4.

We recommend that you update your zebra package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:zebra");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/01/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.0", prefix:"zebra", reference:"0.92a-5woody2")) flag++;
if (deb_check(release:"3.0", prefix:"zebra-doc", reference:"0.92a-5woody2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2003-305.NASL
- description: Updated zebra packages that close a locally-exploitable and a remotely-exploitable denial of service vulnerability are now available. Zebra an open source implementation of TCP/IP routing software. Jonny Robertson reported that Zebra can be remotely crashed if a Zebra password has been enabled and a remote attacker can connect to the Zebra telnet management port. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0795 to this issue. Herbert Xu reported that Zebra can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0858 to this issue. Users of Zebra should upgrade to these erratum packages, which contain a patch preventing Zebra from crashing when it receives a telnet option delimiter without any option data, and a patch that checks that netlink messages actually came from the kernel.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12427
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12427
- title: RHEL 2.1 : zebra (RHSA-2003:305)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2003:305. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(12427);
  script_version ("1.24");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2003-0795", "CVE-2003-0858");
  script_xref(name:"RHSA", value:"2003:305");

  script_name(english:"RHEL 2.1 : zebra (RHSA-2003:305)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated zebra packages that close a locally-exploitable and a
remotely-exploitable denial of service vulnerability are now
available.

Zebra an open source implementation of TCP/IP routing software.

Jonny Robertson reported that Zebra can be remotely crashed if a Zebra
password has been enabled and a remote attacker can connect to the
Zebra telnet management port. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2003-0795 to this
issue.

Herbert Xu reported that Zebra can accept spoofed messages sent on the
kernel netlink interface by other users on the local machine. This
could lead to a local denial of service attack. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2003-0858 to this issue.

Users of Zebra should upgrade to these erratum packages, which contain
a patch preventing Zebra from crashing when it receives a telnet
option delimiter without any option data, and a patch that checks that
netlink messages actually came from the kernel."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0795"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0858"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:305"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected zebra package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:zebra");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/11/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2003:305";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"zebra-0.91a-10.21AS")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zebra");
  }
}
```
- NASL family: Denial of Service
- NASL id: ZEBRA_DOS.NASL
- description: A remote denial of service vulnerability exists in Zebra and Quagga that can be triggered by sending a telnet option delimiter with no actual option data, which causes the daemon to attempt to dereference a typically NULL pointer and crash. This affects all versions from 0.90a to 0.93b.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 11925
- published: 2003-11-17
- reporter: This script is copyright (C) 2003-2018 Matt North
- source: https://www.tenable.com/plugins/nessus/11925
- title: Quagga / Zebra Malformed Telnet Command Denial of Service
- code:

```
# MA 2003-11-17: added Services/zebra + MIXED_ATTACK support
# Changes by Tenable:
# - Updated to use compat.inc (11/16/09)
# - Revised plugin title, removed CVE-2003-0858 (6/27/09)

include("compat.inc");

if(description)
{
  script_id(11925);
  script_version("1.25");
  script_cve_id("CVE-2003-0795");
  script_bugtraq_id(9029);
  script_xref(name:"RHSA", value:"2003:307-01");

  script_name(english:"Quagga / Zebra Malformed Telnet Command Denial of Service");

  script_set_attribute(attribute:"synopsis", value:
"The remote routing daemon is prone to a denial of service attack." );
  script_set_attribute(attribute:"description", value:
"A remote denial of service vulnerability exists in Zebra and Quagga
that can be triggered by sending a telnet option delimiter with no
actual option data, which causes the daemon to attempt to dereference
a typically NULL pointer and crash.

This affects all versions from 0.90a to 0.93b." );
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2003/Nov/151" );
  script_set_attribute(attribute:"see_also", value:"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107140" );
  script_set_attribute(attribute:"solution", value:
"If using Quagga, upgrade to version 0.96.4 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_publication_date", value: "2003/11/17");
  script_set_attribute(attribute:"vuln_publication_date", value: "2003/11/13");
  script_cvs_date("Date: 2018/11/15 20:50:22");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_summary(english:"Attempts to crash the remote service Zebra and/or Quagga");
  script_category(ACT_MIXED_ATTACK);
  script_copyright(english:"This script is copyright (C) 2003-2018 Matt North");
  script_require_ports("Services/zebra", 2601, 2602, 2603, 2604, 2605);
  script_dependencie("find_service1.nasl");
  script_family(english:"Denial of Service");
  exit(0);
}

include("global_settings.inc");

# Maybe we should try this on any telnet server?
port = get_kb_item("Services/zebra");
if (! port) port = 2601;
if (! get_port_state(port)) exit(0);

if (safe_checks())
{
  banner = get_kb_item("zebra/banner/"+port);
  if (!banner)
  {
    soc = open_sock_tcp(port);
    if(!soc) exit(0);
    banner = recv_line(socket: soc, length: 1024);
    if ( banner ) set_kb_item(name: "zebra/banner/"+port, value: banner);
    close(soc);
  }
  if (banner && egrep(string: banner,
      pattern: "Hello, this is zebra \(version 0\.9[0-3][ab]?\)"))
    security_warning(port);
  exit(0);
}

if (report_paranoia < 2) exit(0);

soc = open_sock_tcp(port);
if(!soc) exit(0);

s = raw_string(0xff,0xf0,0xff,0xf0,0xff,0xf0);

send(socket:soc, data:s);
r = recv(socket: soc, length:1024);
close(soc);

alive = open_sock_tcp(port);
if(!alive) security_warning(port);
else close(alive);
```
- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_ZEBRA_093B_7.NASL
- description: The following package needs to be updated: quagga
- last seen: 2016-09-26
- modified: 2004-07-06
- plugin id: 12629
- published: 2004-07-06
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=12629
- title: FreeBSD : zebra/quagga denial of service vulnerability (212)
- code:

```
#%NASL_MIN_LEVEL 999999

# @DEPRECATED@
#
# This script has been deprecated by freebsd_pkg_cad045c081a511d896450020ed76ef5a.nasl.
#
# Disabled on 2011/10/02.
#

#
# (C) Tenable Network Security, Inc.
#
# This script contains information extracted from VuXML :
#
# Copyright 2003-2006 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
#

include('compat.inc');

if ( description )
{
  script_id(12629);
  script_version("1.12");
  script_cve_id("CVE-2003-0858");

  script_name(english:"FreeBSD : zebra/quagga denial of service vulnerability (212)");

  script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');
  script_set_attribute(attribute:'description', value:'The following package needs to be updated: quagga');
  script_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P');
  script_set_attribute(attribute:'solution', value: 'Update the package on the remote host');
  script_set_attribute(attribute: 'see_also', value: 'http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107140
http://mozillanews.org/?article_date=2004-12-08+06-48-46
http://rhn.redhat.com/errata/RHSA-2003-305.html
http://secunia.com/advisories/13129/
http://secunia.com/advisories/13254/
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6
http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=103638
https://bugzilla.mozilla.org/show_bug.cgi?id=273699');
  script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/cad045c0-81a5-11d8-9645-0020ed76ef5a.html');

  script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
  script_end_attributes();
  script_summary(english:"Check for quagga");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
  family["english"] = "FreeBSD Local Security Checks";
  script_family(english:family["english"]);
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/FreeBSD/pkg_info");
  exit(0);
}

# Deprecated.
exit(0, "This plugin has been deprecated. Refer to plugin #38031 (freebsd_pkg_cad045c081a511d896450020ed76ef5a.nasl) instead.");

global_var cvss_score;
cvss_score=2;
include('freebsd_package.inc');

pkg_test(pkg:"zebra<0.93b_7");

pkg_test(pkg:"quagga<0.96.4");
```
- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_CAD045C081A511D896450020ED76EF5A.NASL
- description: A remote attacker could cause zebra/quagga to crash by sending a malformed telnet command to their management port.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 38031
- published: 2009-04-23
- reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/38031
- title: FreeBSD : zebra/quagga denial of service vulnerability (cad045c0-81a5-11d8-9645-0020ed76ef5a)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(38031);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:36");

  script_cve_id("CVE-2003-0858");

  script_name(english:"FreeBSD : zebra/quagga denial of service vulnerability (cad045c0-81a5-11d8-9645-0020ed76ef5a)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A remote attacker could cause zebra/quagga to crash by sending a
malformed telnet command to their management port."
  );
  # http://rhn.redhat.com/errata/RHSA-2003-305.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:305"
  );
  # http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107140
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=107140"
  );
  # http://lists.quagga.net/pipermail/quagga-users/2003-November/000906.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?32b93430"
  );
  # https://vuxml.freebsd.org/freebsd/cad045c0-81a5-11d8-9645-0020ed76ef5a.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7ab8a893"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:quagga");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:zebra");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (pkg_test(save_report:TRUE, pkg:"zebra<0.93b_7")) flag++;
if (pkg_test(save_report:TRUE, pkg:"quagga<0.96.4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2003-315.NASL
- description: Updated Quagga packages that close a locally-exploitable denial of service vulnerability are now available. Quagga is an open source implementation of TCP/IP routing software. Herbert Xu reported that Quagga can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0858 to this issue. Users of Quagga should upgrade to these erratum packages, which contain a patch that checks that netlink messages actually came from the kernel. This erratum also includes quagga-devel and quagga-contrib packages which were not originally shipped with Red Hat Enterprise Linux 3.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12431
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12431
- title: RHEL 3 : quagga (RHSA-2003:315)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2003:315. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(12431);
  script_version ("1.25");
  script_cvs_date("Date: 2019/10/25 13:36:10");

  script_cve_id("CVE-2003-0858");
  script_xref(name:"RHSA", value:"2003:315");

  script_name(english:"RHEL 3 : quagga (RHSA-2003:315)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated Quagga packages that close a locally-exploitable denial of
service vulnerability are now available.

Quagga is an open source implementation of TCP/IP routing software.

Herbert Xu reported that Quagga can accept spoofed messages sent on
the kernel netlink interface by other users on the local machine. This
could lead to a local denial of service attack. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2003-0858 to this issue.

Users of Quagga should upgrade to these erratum packages, which
contain a patch that checks that netlink messages actually came from
the kernel.

This erratum also includes quagga-devel and quagga-contrib packages
which were not originally shipped with Red Hat Enterprise Linux 3."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2003-0858"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2003:315"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Update the affected quagga, quagga-contrib and / or quagga-devel
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:quagga");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:quagga-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:quagga-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/11/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2003:315";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"quagga-0.96.2-8.3E")) flag++;
  if (rpm_check(release:"RHEL3", reference:"quagga-contrib-0.96.2-8.3E")) flag++;
  if (rpm_check(release:"RHEL3", reference:"quagga-devel-0.96.2-8.3E")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "quagga / quagga-contrib / quagga-devel");
  }
}
```
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2004-148.NASL
- description: Herbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack. The updated packages have been patched to prevent this problem.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15956
- published: 2004-12-14
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15956
- title: Mandrake Linux Security Advisory : iproute2 (MDKSA-2004:148)
- code:

```
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2004:148.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(15956);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2003-0856", "CVE-2003-0858", "CVE-2003-0859");
  script_xref(name:"MDKSA", value:"2004:148");

  script_name(english:"Mandrake Linux Security Advisory : iproute2 (MDKSA-2004:148)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Mandrake Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Herbert Xu discovered that iproute can accept spoofed messages sent
via the kernel netlink interface by other users on the local machine.
This could lead to a local Denial of Service attack.

The updated packages have been patched to prevent this problem."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected iproute2 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:iproute2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK10.0", reference:"iproute2-2.4.7-11.1.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.2", reference:"iproute2-2.4.7-11.1.92mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
Oval
accepted | 2013-04-29T04:02:35.924-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |
family | unix |
id | oval:org.mitre.oval:def:10169 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |
version | 26 |
Redhat
advisories | |
rpms | |
References
- http://secunia.com/advisories/10563
- http://www.debian.org/security/2004/dsa-415
- http://www.redhat.com/support/errata/RHSA-2003-305.html
- http://www.redhat.com/support/errata/RHSA-2003-307.html
- http://www.redhat.com/support/errata/RHSA-2003-315.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169