DSA-415

Source
https://security-tracker.debian.org/tracker/DSA-415
Import Source
https://storage.googleapis.com/debian-osv/dsa-osv/DSA-415.json
JSON Data
https://api.osv.dev/v1/vulns/DSA-415
Withdrawn
2024-05-15T05:36:14.125533Z
Published
2004-01-06T00:00:00Z
Modified
2022-07-04T02:00:53.648181Z
Summary
zebra - denial of service
Details

Two vulnerabilities were discovered in zebra, an IP routing daemon:

  • CAN-2003-0795 - a bug in the telnet CLI could allow a remote attacker to cause a zebra process to crash, resulting in a denial of service.
  • CAN-2003-0858 - netlink messages sent by other users (rather than the kernel) would be accepted, leading to a denial of service.

For the current stable distribution (woody) this problem has been fixed in version 0.92a-5woody2.

The zebra package has been obsoleted in the unstable distribution by GNU Quagga, where this problem was fixed in version 0.96.4x-4.

We recommend that you update your zebra package.

References

Affected packages