10 - DSA-313

Executive Summary

Summary
Title	New ethereal packages fix buffer overflows, integer overflows

Informations
Name	DSA-313	First vendor Publication	2003-06-11
Vendor	Debian	Last vendor Modification	2003-06-11
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Timo Sirainen discovered several vulnerabilities in ethereal, a network traffic analyzer. These include one-byte buffer overflows in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors, and integer overflows in the Mount and PPP dissectors.

For the stable distribution (woody) these problems have been fixed in version 0.9.4-1woody4.

The old stable distribution (potato) does not appear to contain these vulnerabilities.

For the unstable distribution (sid) these problems are fixed in version 0.9.12-1.

We recommend that you update your ethereal package.

Original Source

Url : http://www.debian.org/security/2003/dsa-313

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-193	Off-by-one Error

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:69

Oval ID:	oval:org.mitre.oval:def:69
Title:	Off-by-one Vulnerabilities in Ethereal 0.9.11
Description:	Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0356	Version:	2
Platform(s):	Red Hat Linux 9	Product(s):	Ethereal
Definition Synopsis:
Red Hat 9 is installed AND ix86 architecture AND Vulnerable Config ethereal version is less than 0.9.13-1.90.1 AND ethereal-gnome version is less than 0.9.13-1.90.1

Definition Id: oval:org.mitre.oval:def:73

Oval ID:	oval:org.mitre.oval:def:73
Title:	Integer Overflow Vulnerabilities in Ethereal 0.9.11
Description:	Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0357	Version:	2
Platform(s):	Red Hat Linux 9	Product(s):	Ethereal
Definition Synopsis:
Red Hat 9 is installed AND ix86 architecture AND Vulnerable Config ethereal version is less than 0.9.13-1.90.1 AND ethereal-gnome version is less than 0.9.13-1.90.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Ethereal cpe:2.3:a:ethereal:ethereal::::::::	1
Application	Ethereal Group Ethereal cpe:2.3:a:ethereal_group:ethereal:0.9.9:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.8:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.7:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.6:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.5:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.4:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.3:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.2:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.11:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.10:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.1:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9.0:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9_.0:::::::* cpe:2.3:a:ethereal_group:ethereal:0.9:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.9:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.8:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.7:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.6:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.5:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.4:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.20:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.19:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.18:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.17a:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.17:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.16:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.15:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.14:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.13:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.12:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.11:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8.10:::::::* cpe:2.3:a:ethereal_group:ethereal:0.8:::::::* cpe:2.3:a:ethereal_group:ethereal:0.7.7:::::::* cpe:2.3:a:ethereal_group:ethereal::::::::	35

OpenVAS Exploits

Date	Description
2008-01-17	Name : Debian Security Advisory DSA 313-1 (ethereal) File : nvt/deb_313_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
6917	Ethereal TSP Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The TSP Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.
6916	Ethereal SMPP Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The SMPP Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.
6915	Ethereal SMB Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The SMB Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.
6914	Ethereal rsync Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The Rsync Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.
6913	Ethereal Quake3 Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The Quake3 Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.
6912	Ethereal Quake2 Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The Quake2 Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.
6911	Ethereal Quake Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The Quake Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.
6910	Ethereal PPTP Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The PPTP Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.
6909	Ethereal OSPF Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The OSPF Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.
6908	Ethereal GIOP Gryphon Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The GIOP Gryphon Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.
6907	Ethereal PPP Dissector Remote Integer Overflow
4342	Ethereal Mount Dissector Remote Integer Overflow
4341	Ethereal AIM Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The AIM Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity.

Nessus® Vulnerability Scanner

Date	Description
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-313.nasl - Type : ACT_GATHER_INFO
2004-07-31	Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2003-067.nasl - Type : ACT_GATHER_INFO
2004-07-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-077.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:32:39	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	2
CPE ID(s)	36
osvdb(s)	13
Openvas Exploit(s)	1
Nessus® Exploit(s)	3

	Related
9.8	CVE-2003-0356
7.5	CVE-2003-0357
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

10 - DSA-313

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU