Vulnerabilities > CVE-2003-0858 - Resource Management Errors vulnerability in multiple products

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
local
low complexity
gnu
quagga
CWE-399
nessus

Summary

Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

Vulnerable Configurations

Part Description Count
Application
Gnu
2
Application
Quagga
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-415.NASL
    descriptionTwo vulnerabilities were discovered in zebra, an IP routing daemon : - CAN-2003-0795 - a bug in the telnet CLI could allow a remote attacker to cause a zebra process to crash, resulting in a denial of service. - CAN-2003-0858 - netlink messages sent by other users (rather than the kernel) would be accepted, leading to a denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id15252
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15252
    titleDebian DSA-415-1 : zebra - denial of service
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-415. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15252);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2003-0795", "CVE-2003-0858");
      script_bugtraq_id(9029);
      script_xref(name:"DSA", value:"415");
    
      script_name(english:"Debian DSA-415-1 : zebra - denial of service");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two vulnerabilities were discovered in zebra, an IP routing daemon :
    
      - CAN-2003-0795 - a bug in the telnet CLI could allow a
        remote attacker to cause a zebra process to crash,
        resulting in a denial of service.
      - CAN-2003-0858 - netlink messages sent by other users
        (rather than the kernel) would be accepted, leading to a
        denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-415"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "For the current stable distribution (woody) this problem has been
    fixed in version 0.92a-5woody2.
    
    
    The zebra package has been obsoleted in the unstable distribution by
    GNU Quagga, where this problem was fixed in version 0.96.4x-4.
    
    We recommend that you update your zebra package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:zebra");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/01/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"zebra", reference:"0.92a-5woody2")) flag++;
    if (deb_check(release:"3.0", prefix:"zebra-doc", reference:"0.92a-5woody2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2003-305.NASL
    descriptionUpdated zebra packages that close a locally-exploitable and a remotely-exploitable denial of service vulnerability are now available. Zebra an open source implementation of TCP/IP routing software. Jonny Robertson reported that Zebra can be remotely crashed if a Zebra password has been enabled and a remote attacker can connect to the Zebra telnet management port. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0795 to this issue. Herbert Xu reported that Zebra can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0858 to this issue. Users of Zebra should upgrade to these erratum packages, which contain a patch preventing Zebra from crashing when it receives a telnet option delimiter without any option data, and a patch that checks that netlink messages actually came from the kernel.
    last seen2020-06-01
    modified2020-06-02
    plugin id12427
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12427
    titleRHEL 2.1 : zebra (RHSA-2003:305)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2003:305. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12427);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2003-0795", "CVE-2003-0858");
      script_xref(name:"RHSA", value:"2003:305");
    
      script_name(english:"RHEL 2.1 : zebra (RHSA-2003:305)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated zebra packages that close a locally-exploitable and a
    remotely-exploitable denial of service vulnerability are now
    available.
    
    Zebra an open source implementation of TCP/IP routing software.
    
    Jonny Robertson reported that Zebra can be remotely crashed if a Zebra
    password has been enabled and a remote attacker can connect to the
    Zebra telnet management port. The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CVE-2003-0795 to this
    issue.
    
    Herbert Xu reported that Zebra can accept spoofed messages sent on the
    kernel netlink interface by other users on the local machine. This
    could lead to a local denial of service attack. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2003-0858 to this issue.
    
    Users of Zebra should upgrade to these erratum packages, which contain
    a patch preventing Zebra from crashing when it receives a telnet
    option delimiter without any option data, and a patch that checks that
    netlink messages actually came from the kernel."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0858"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2003:305"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected zebra package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:zebra");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2003:305";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"zebra-0.91a-10.21AS")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zebra");
      }
    }
    
  • NASL familyDenial of Service
    NASL idZEBRA_DOS.NASL
    descriptionA remote denial of service vulnerability exists in Zebra and Quagga that can be triggered by sending a telnet option delimiter with no actual option data, which causes the daemon to attempt to dereference a typically NULL pointer and crash. This affects all versions from 0.90a to 0.93b.
    last seen2020-06-01
    modified2020-06-02
    plugin id11925
    published2003-11-17
    reporterThis script is copyright (C) 2003-2018 Matt North
    sourcehttps://www.tenable.com/plugins/nessus/11925
    titleQuagga / Zebra Malformed Telnet Command Denial of Service
    code
    # MA 2003-11-17: added Services/zebra + MIXED_ATTACK support
    
    # Changes by Tenable:
    # - Updated to use compat.inc (11/16/09)
    # - Revised plugin title, removed CVE-2003-0858 (6/27/09)
    
    
    include("compat.inc");
    
    if(description)
    {
            script_id(11925);
            script_version("1.25");
    
    	script_cve_id("CVE-2003-0795");
            script_bugtraq_id(9029);
      	script_xref(name:"RHSA", value:"2003:307-01");
    
            script_name(english:"Quagga / Zebra Malformed Telnet Command Denial of Service");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote routing daemon is prone to a denial of service attack." );
     script_set_attribute(attribute:"description", value:
    "A remote denial of service vulnerability exists in Zebra and Quagga
    that can be triggered by sending a telnet option delimiter with no
    actual option data, which causes the daemon to attempt to dereference
    a typically NULL pointer and crash. 
    
    This affects all versions from 0.90a to 0.93b." );
     script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2003/Nov/151" );
     script_set_attribute(attribute:"see_also", value:"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107140" );
     script_set_attribute(attribute:"solution", value:
    "If using Quagga, upgrade to version 0.96.4 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"plugin_publication_date", value: "2003/11/17");
     script_set_attribute(attribute:"vuln_publication_date", value: "2003/11/13");
     script_cvs_date("Date: 2018/11/15 20:50:22");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_end_attributes();
    
            script_summary(english:"Attempts to crash the remote service Zebra and/or Quagga");
            script_category(ACT_MIXED_ATTACK);
            script_copyright(english:"This script is copyright (C) 2003-2018 Matt North");
    	script_require_ports("Services/zebra", 2601, 2602, 2603, 2604, 2605);
    	script_dependencie("find_service1.nasl");
            script_family(english:"Denial of Service");
            exit(0);
    }
    
    include("global_settings.inc");
    
    # Maybe we should try this on any telnet server?
    port = get_kb_item("Services/zebra");
    
    if (! port) port = 2601;
    if (! get_port_state(port)) exit(0);
    
    if (safe_checks())
    {
      banner = get_kb_item("zebra/banner/"+port);
      if (!banner)
      {
        soc = open_sock_tcp(port);
        if(!soc) exit(0);
        banner = recv_line(socket: soc, length: 1024);
        if ( banner ) set_kb_item(name: "zebra/banner/"+port, value: banner);
        close(soc);
      }
      if (banner && egrep(string: banner, 
    		pattern: "Hello, this is zebra \(version 0\.9[0-3][ab]?\)"))
        security_warning(port);
      exit(0);
    }
    
    if (report_paranoia < 2) exit(0);
    
    soc = open_sock_tcp(port);
    if(!soc) exit(0);
    
    s = raw_string(0xff,0xf0,0xff,0xf0,0xff,0xf0);
    
    send(socket:soc, data:s);
    r = recv(socket: soc, length:1024);
    close(soc);
    alive = open_sock_tcp(port);
    if(!alive) security_warning(port);
    else close(alive);
    
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_ZEBRA_093B_7.NASL
    descriptionThe following package needs to be updated: quagga
    last seen2016-09-26
    modified2004-07-06
    plugin id12629
    published2004-07-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=12629
    titleFreeBSD : zebra/quagga denial of service vulnerability (212)
    code
    #%NASL_MIN_LEVEL 999999
    
    # @DEPRECATED@
    #
    # This script has been deprecated by freebsd_pkg_cad045c081a511d896450020ed76ef5a.nasl.
    #
    # Disabled on 2011/10/02.
    #
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # This script contains information extracted from VuXML :
    #
    # Copyright 2003-2006 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #   copyright notice, this list of conditions and the following
    #   disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #   published online in any format, converted to PDF, PostScript,
    #   RTF and other formats) must reproduce the above copyright
    #   notice, this list of conditions and the following disclaimer
    #   in the documentation and/or other materials provided with the
    #   distribution.
    #
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    #
    #
    
    include('compat.inc');
    
    if ( description )
    {
     script_id(12629);
     script_version("1.12");
     script_cve_id("CVE-2003-0858");
    
     script_name(english:"FreeBSD : zebra/quagga denial of service vulnerability (212)");
    
    script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');
    script_set_attribute(attribute:'description', value:'The following package needs to be updated: quagga');
    script_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P');
    script_set_attribute(attribute:'solution', value: 'Update the package on the remote host');
    script_set_attribute(attribute: 'see_also', value: 'http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107140
    http://mozillanews.org/?article_date=2004-12-08+06-48-46
    http://rhn.redhat.com/errata/RHSA-2003-305.html
    http://secunia.com/advisories/13129/
    http://secunia.com/advisories/13254/
    http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
    http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
    http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
    http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6
    http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt
    https://bugzilla.mozilla.org/show_bug.cgi?id=103638
    https://bugzilla.mozilla.org/show_bug.cgi?id=273699');
    script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/cad045c0-81a5-11d8-9645-0020ed76ef5a.html');
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
     script_end_attributes();
     script_summary(english:"Check for quagga");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
     family["english"] = "FreeBSD Local Security Checks";
     script_family(english:family["english"]);
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/FreeBSD/pkg_info");
     exit(0);
    }
    
    # Deprecated.
    exit(0, "This plugin has been deprecated. Refer to plugin #38031 (freebsd_pkg_cad045c081a511d896450020ed76ef5a.nasl) instead.");
    
    global_var cvss_score;
    cvss_score=2;
    include('freebsd_package.inc');
    
    
    pkg_test(pkg:"zebra<0.93b_7");
    
    pkg_test(pkg:"quagga<0.96.4");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CAD045C081A511D896450020ED76EF5A.NASL
    descriptionA remote attacker could cause zebra/quagga to crash by sending a malformed telnet command to their management port.
    last seen2020-06-01
    modified2020-06-02
    plugin id38031
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38031
    titleFreeBSD : zebra/quagga denial of service vulnerability (cad045c0-81a5-11d8-9645-0020ed76ef5a)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(38031);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:36");
    
      script_cve_id("CVE-2003-0858");
    
      script_name(english:"FreeBSD : zebra/quagga denial of service vulnerability (cad045c0-81a5-11d8-9645-0020ed76ef5a)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A remote attacker could cause zebra/quagga to crash by sending a
    malformed telnet command to their management port."
      );
      # http://rhn.redhat.com/errata/RHSA-2003-305.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2003:305"
      );
      # http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107140
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=107140"
      );
      # http://lists.quagga.net/pipermail/quagga-users/2003-November/000906.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?32b93430"
      );
      # https://vuxml.freebsd.org/freebsd/cad045c0-81a5-11d8-9645-0020ed76ef5a.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7ab8a893"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:quagga");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:zebra");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/11/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"zebra<0.93b_7")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"quagga<0.96.4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2003-315.NASL
    descriptionUpdated Quagga packages that close a locally-exploitable denial of service vulnerability are now available. Quagga is an open source implementation of TCP/IP routing software. Herbert Xu reported that Quagga can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0858 to this issue. Users of Quagga should upgrade to these erratum packages, which contain a patch that checks that netlink messages actually came from the kernel. This erratum also includes quagga-devel and quagga-contrib packages which were not originally shipped with Red Hat Enterprise Linux 3.
    last seen2020-06-01
    modified2020-06-02
    plugin id12431
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12431
    titleRHEL 3 : quagga (RHSA-2003:315)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2003:315. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(12431);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2003-0858");
      script_xref(name:"RHSA", value:"2003:315");
    
      script_name(english:"RHEL 3 : quagga (RHSA-2003:315)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Quagga packages that close a locally-exploitable denial of
    service vulnerability are now available.
    
    Quagga is an open source implementation of TCP/IP routing software.
    
    Herbert Xu reported that Quagga can accept spoofed messages sent on
    the kernel netlink interface by other users on the local machine. This
    could lead to a local denial of service attack. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2003-0858 to this issue.
    
    Users of Quagga should upgrade to these erratum packages, which
    contain a patch that checks that netlink messages actually came from
    the kernel. This erratum also includes quagga-devel and quagga-contrib
    packages which were not originally shipped with Red Hat Enterprise
    Linux 3."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2003-0858"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2003:315"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected quagga, quagga-contrib and / or quagga-devel
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:quagga");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:quagga-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:quagga-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2003/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2003:315";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"quagga-0.96.2-8.3E")) flag++;
      if (rpm_check(release:"RHEL3", reference:"quagga-contrib-0.96.2-8.3E")) flag++;
      if (rpm_check(release:"RHEL3", reference:"quagga-devel-0.96.2-8.3E")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "quagga / quagga-contrib / quagga-devel");
      }
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-148.NASL
    descriptionHerbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack. The updated packages have been patched to prevent this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id15956
    published2004-12-14
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15956
    titleMandrake Linux Security Advisory : iproute2 (MDKSA-2004:148)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2004:148. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15956);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      script_cve_id("CVE-2003-0856", "CVE-2003-0858", "CVE-2003-0859");
      script_xref(name:"MDKSA", value:"2004:148");
    
      script_name(english:"Mandrake Linux Security Advisory : iproute2 (MDKSA-2004:148)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandrake Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Herbert Xu discovered that iproute can accept spoofed messages sent
    via the kernel netlink interface by other users on the local machine.
    This could lead to a local Denial of Service attack.
    
    The updated packages have been patched to prevent this problem."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected iproute2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:iproute2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.0", reference:"iproute2-2.4.7-11.1.100mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.2", reference:"iproute2-2.4.7-11.1.92mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Oval

accepted2013-04-29T04:02:35.924-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionZebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
familyunix
idoval:org.mitre.oval:def:10169
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleZebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
version26

Redhat

advisories
  • rhsa
    idRHSA-2003:305
  • rhsa
    idRHSA-2003:307
  • rhsa
    idRHSA-2003:315
rpms
  • quagga-0:0.96.2-8.3E
  • quagga-debuginfo-0:0.96.2-8.3E