CVE-2003-0795
Zebra <= 0.93b - Denial of Service via Malformed Telnet Command
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-0795. PoCs published by Jonny Robertson.
AI-analyzed exploit summary This exploit targets a denial of service vulnerability in Zebra and Quagga by sending a malformed packet to the telnet management port, causing a crash due to a NULL pointer dereference. The PoC uses a simple printf command piped to netcat.
Description
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
Exploits (1)
This exploit targets a denial of service vulnerability in Zebra and Quagga by sending a malformed packet to the telnet management port, causing a crash due to a NULL pointer dereference. The PoC uses a simple printf command piped to netcat.