Executive Summary
Summary | |
---|---|
Title | New ethereal packages fix denial of service |
Informations | |||
---|---|---|---|
Name | DSA-1201 | First vendor Publication | 2006-10-31 |
Vendor | Debian | Last vendor Modification | 2006-10-31 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several remote vulnerabilities have been discovered in the Ethereal network scanner. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-4574 It was discovered that the MIME multipart dissector is vulnerable to denial of service caused by an off-by-one overflow. CVE-2006-4805 It was discovered that the XOT dissector is vulnerable to denial of service caused by memory corruption. For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge9. Due to technical problems with the security buildd infrastructure this update lacks builds for the hppa and sparc architecture. They will be released as soon as the problems are resolved. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your ethereal packages. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1201 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-617 | Reachable Assertion |
50 % | CWE-193 | Off-by-one Error |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10199 | |||
Oval ID: | oval:org.mitre.oval:def:10199 | ||
Title: | epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. | ||
Description: | epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4805 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9740 | |||
Oval ID: | oval:org.mitre.oval:def:9740 | ||
Title: | Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that tragger an assertion error related to unexpected length values. | ||
Description: | Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that tragger an assertion error related to unexpected length values. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4574 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5018978.nasl |
2009-02-27 | Name : Fedora Update for wireshark FEDORA-2007-207 File : nvt/gb_fedora_2007_207_wireshark_fc5.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1201-1 (ethereal) File : nvt/deb_1201_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
30072 | Wireshark MIME Multipart Dissector Off-by-one |
30070 | Wireshark XOT Dissector Unspecified Resource Consumption DoS |
21931 | CommonSpot Content Server loader.cfm bNewWindow Parameter XSS CommonSpot Content Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'bNewWindow' variable upon submission to the 'loader.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0726.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0726.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ethereal-2248.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ethereal-2246.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-195.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_065.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1140.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1141.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0726.nasl - Type : ACT_GATHER_INFO |
2006-11-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1201.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:26:17 |
|
2013-05-11 12:17:10 |
|