Executive Summary
| Summary | |
|---|---|
| Title | Updated Ethereal packages fix security issues |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2003:077 | First vendor Publication | 2003-07-08 |
| Vendor | RedHat | Last vendor Modification | 2003-07-08 |
| Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2003-077.html |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-193 | Off-by-one Error |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:101 | |||
| Oval ID: | oval:org.mitre.oval:def:101 | ||
| Title: | Ethereal 0-Length Buffer Size Vulnerability in tvb_get_nstring0() | ||
| Description: | The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0431 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:106 | |||
| Oval ID: | oval:org.mitre.oval:def:106 | ||
| Title: | Various Ethereal Dissector Vulnerabilities | ||
| Description: | Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0432 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:54 | |||
| Oval ID: | oval:org.mitre.oval:def:54 | ||
| Title: | Ethereal SOCKS String Format Vulnerability | ||
| Description: | Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0081 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:55 | |||
| Oval ID: | oval:org.mitre.oval:def:55 | ||
| Title: | Ethereal NTLMSSP Buffer Overflow | ||
| Description: | Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0159 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:69 | |||
| Oval ID: | oval:org.mitre.oval:def:69 | ||
| Title: | Off-by-one Vulnerabilities in Ethereal 0.9.11 | ||
| Description: | Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0356 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:73 | |||
| Oval ID: | oval:org.mitre.oval:def:73 | ||
| Title: | Integer Overflow Vulnerabilities in Ethereal 0.9.11 | ||
| Description: | Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0357 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:75 | |||
| Oval ID: | oval:org.mitre.oval:def:75 | ||
| Title: | Ethereal 0.9.12 Vulnerability in DCERPC Dissector | ||
| Description: | Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0428 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:84 | |||
| Oval ID: | oval:org.mitre.oval:def:84 | ||
| Title: | Ethereal 0.9.12 Vulnerability in OSI Dissector | ||
| Description: | The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0429 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:88 | |||
| Oval ID: | oval:org.mitre.oval:def:88 | ||
| Title: | Ethereal SPNEGO Dissector Denial of Service Vulnerability | ||
| Description: | The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0430 | Version: | 4 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 258-1 (ethereal) File : nvt/deb_258_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 313-1 (ethereal) File : nvt/deb_313_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 324-1 (ethereal) File : nvt/deb_324_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 6917 | Ethereal TSP Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The TSP Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 6916 | Ethereal SMPP Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The SMPP Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 6915 | Ethereal SMB Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The SMB Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 6914 | Ethereal rsync Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The Rsync Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 6913 | Ethereal Quake3 Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The Quake3 Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 6912 | Ethereal Quake2 Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The Quake2 Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 6911 | Ethereal Quake Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The Quake Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 6910 | Ethereal PPTP Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The PPTP Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 6909 | Ethereal OSPF Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The OSPF Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 6908 | Ethereal GIOP Gryphon Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The GIOP Gryphon Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 6907 | Ethereal PPP Dissector Remote Integer Overflow |
| 6906 | Ethereal RMI Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the RMI Dissector. No further details have been provided. |
| 6905 | Ethereal ISIS Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the ISIS Dissector. No further details have been provided. |
| 6904 | Ethereal CLNP Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the CLNP Dissector. No further details have been provided. |
| 6903 | Ethereal WSP Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the WSP Dissector. No further details have been provided. |
| 6902 | Ethereal ISAKMP Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the ISAKMP Dissector. No further details have been provided. |
| 6901 | Ethereal 802.11 Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the 802.11 Dissector. No further details have been provided. |
| 6900 | Ethereal DNS Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the DNS Dissector. No further details have been provided. |
| 6899 | Ethereal WTP Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the WTP Dissector. No further details have been provided. |
| 6133 | Ethereal SPNEGO Dissector DoS Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered by sending malformed traffic which causes a null pointer dereference in the SPNEGO dissector, and will result in loss of availability for the product. |
| 4480 | Ethereal BGP Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the BGP Dissector. No further details have been provided. |
| 4479 | Ethereal tvb_get_nstringz0 Zero-length Overflow A remote overflow exists in Ethereal. The tvb_get_nstringz0 function fails to properly handle zero-length buffer sizes resulting in a buffer overflow. With a specially crafted packet, an attacker can potentially execute arbitrary code resulting in a loss of integrity and/or availability. |
| 4478 | Ethereal OSI Dissector Overflow A remote overflow exists in Ethereal. The OSI dissector fails to properly check bounds on the prefix length of IPv4 or IPv6 packets, resulting in a buffer overflow. With a specially crafted packet, an attacker can potentially execute arbitrary code resulting in a loss of integrity and/or availability. |
| 4477 | Ethereal DCERPC Dissector DoS Ethereal contains a flaw that may allow a remote denial of service. The issue can be triggered if the DCERPC decoder attempts to parse NDR strings and could result in Ethereal using all available memory resulting in a loss of availability for the service, and potentially the platform. |
| 4466 | Ethereal SOCKS Dissector Format String Overflow |
| 4465 | Ethereal NTLMSSP Dissector Overflow |
| 4342 | Ethereal Mount Dissector Remote Integer Overflow |
| 4341 | Ethereal AIM Dissector Remote Off-by-one Overflow A remote overflow exists in Ethereal. The AIM Dissector fails to validate input to memory buffers resulting in an off-by-one overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of integrity. |
| 2177 | Ethereal SPNEGO Dissector DoS Ethereal contains a flaw that may allow a remote denial of service. The issue can be triggered when the SPNEGO dissector is used and an invalid ASN.1 value is parsed, and will result in loss of availability for the service. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-258.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-313.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-324.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2003-051.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2003-067.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2003-070.nasl - Type : ACT_GATHER_INFO |
| 2004-07-25 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2003_019.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-077.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:48:04 |
|
