Bug 48993 (CVE-2003-0858)

Summary: VUL-0: CVE-2003-0858: zebra and quagga - DoS by netlink messages sent by other users
Product: [Novell Products] SUSE Security Incidents Reporter: Petr Ostadal <postadal>
Component: IncidentsAssignee: Thomas Biege <thomas>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team, thomas
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2003-0858: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: patchinfo.zebra
patchinfo-box.zebra
patchinfo-box.quagga

Description Petr Ostadal 2004-01-16 20:00:44 UTC 
CAN-2003-0858 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0858) -
Netlink messages sent by other users (rather than the kernel) would be accepted,
leading to a denial of service.

The information about security bug is on http://www.debian.org/security/2004/dsa-415
Comment 1 Thomas Biege 2004-01-19 20:55:20 UTC 
Hi Peter, 
thanks for the info. 
I attached the patchinfo files and will create the "laufzettel".
Comment 2 Thomas Biege 2004-01-19 20:56:46 UTC 
Created attachment 15688 [details]
patchinfo.zebra
Comment 3 Thomas Biege 2004-01-19 20:57:18 UTC 
Created attachment 15689 [details]
patchinfo-box.zebra
Comment 4 Thomas Biege 2004-01-19 20:57:55 UTC 
Created attachment 15690 [details]
patchinfo-box.quagga
Comment 5 Petr Ostadal 2004-01-19 23:14:51 UTC 
I fixed and submited it for all distros.

After autobuild rebuild rpms I will submit p&p files.
Comment 6 Petr Ostadal 2004-01-20 18:36:08 UTC 
Rpms was rebuilded and I submited p&p files.
Comment 7 Thomas Biege 2004-01-22 18:12:20 UTC 
*** Bug 47534 has been marked as a duplicate of this bug. ***
Comment 8 Thomas Biege 2004-01-30 17:06:15 UTC 
packages approved
Comment 9 Thomas Biege 2009-10-13 19:43:54 UTC 
CVE-2003-0858: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)