CVE-2003-0858 - OpenCVE

Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Zebra
Quagga	Quagga Routing Software Suite

Configuration 1 [-]

OR	cpe:2.3:a:gnu:zebra::::::::
	cpe:2.3:a:quagga:quagga_routing_software_suite::::::::

References

Link	Resource
http://secunia.com/advisories/10563	Vendor Advisory
http://www.debian.org/security/2004/dsa-415	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-305.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-307.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-315.html	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-11-18T05:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2003-10-10T00:00:00

Link: CVE-2003-0858

JSON object: View

NVD Information

Status : Modified

Published: 2003-12-15T05:00:00.000

Modified: 2017-10-11T01:29:15.590

Link: CVE-2003-0858

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2003:315", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-315.html"}, {"name": "RHSA-2003:305", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-305.html"}, {"name": "DSA-415", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-415"}, {"name": "10563", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/10563"}, {"name": "oval:org.mitre.oval:def:10169", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169"}, {"name": "RHSA-2003:307", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-307.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0858", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2003:315", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-315.html"}, {"name": "RHSA-2003:305", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-305.html"}, {"name": "DSA-415", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-415"}, {"name": "10563", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10563"}, {"name": "oval:org.mitre.oval:def:10169", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169"}, {"name": "RHSA-2003:307", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-307.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0858", "datePublished": "2003-11-18T05:00:00", "dateReserved": "2003-10-10T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:zebra:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C5D9FF5-367E-489E-A1BC-DD599AEAC269", "versionEndIncluding": "0.91", "vulnerable": true}, {"criteria": "cpe:2.3:a:quagga:quagga_routing_software_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "78DC31B3-C915-4606-B589-5F5A725F10F7", "versionEndIncluding": "0.95", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface."}, {"lang": "es", "value": "Zebra anteriores a 0.91 y quagga anteriores a 0.95 permite a usuarios locales causar una denegaci\u00f3n de servicio enviando mensajes suplantando a otros usuarios al interfaz del kernel netlink."}], "id": "CVE-2003-0858", "lastModified": "2017-10-11T01:29:15.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-12-15T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/10563"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2004/dsa-415"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-305.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-307.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-315.html"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}