Executive Summary
| Summary | |
|---|---|
| Title | New ethereal packages fix multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-324 | First vendor Publication | 2003-06-18 |
| Vendor | Debian | Last vendor Modification | 2003-06-18 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several of the packet dissectors in ethereal contain string handling bugs which could be exploited using a maliciously crafted packet to cause ethereal to consume excessive amounts of memory, crash, or execute arbitrary code. These vulnerabilites were announced in the following Ethereal security advisory: http://www.ethereal.com/appnotes/enpa-sa-00010.html Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the problems described in the advisory, including: * The DCERPC dissector could try to allocate too much memory while trying to decode an NDR string. * Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI dissector. * The tvb_get_nstringz0() routine incorrectly handled a zero-length buffer size. * The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, and ISIS dissectors handled strings improperly. The following problems do NOT affect this version: * The SPNEGO dissector could segfault while parsing an invalid ASN.1 value. * The RMI dissector handled strings improperly as these modules are not present. For the stable distribution (woody) these problems have been fixed in version 0.9.4-1woody5. The old stable distribution (potato) these problems will be fixed in a future advisory. For the unstable distribution (sid) these problems are fixed in version 0.9.13-1. We recommend that you update your ethereal package. |
Original Source
| Url : http://www.debian.org/security/2003/dsa-324 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:101 | |||
| Oval ID: | oval:org.mitre.oval:def:101 | ||
| Title: | Ethereal 0-Length Buffer Size Vulnerability in tvb_get_nstring0() | ||
| Description: | The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0431 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:106 | |||
| Oval ID: | oval:org.mitre.oval:def:106 | ||
| Title: | Various Ethereal Dissector Vulnerabilities | ||
| Description: | Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0432 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:75 | |||
| Oval ID: | oval:org.mitre.oval:def:75 | ||
| Title: | Ethereal 0.9.12 Vulnerability in DCERPC Dissector | ||
| Description: | Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0428 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:84 | |||
| Oval ID: | oval:org.mitre.oval:def:84 | ||
| Title: | Ethereal 0.9.12 Vulnerability in OSI Dissector | ||
| Description: | The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0429 | Version: | 2 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Ethereal |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 324-1 (ethereal) File : nvt/deb_324_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 6906 | Ethereal RMI Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the RMI Dissector. No further details have been provided. |
| 6905 | Ethereal ISIS Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the ISIS Dissector. No further details have been provided. |
| 6904 | Ethereal CLNP Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the CLNP Dissector. No further details have been provided. |
| 6903 | Ethereal WSP Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the WSP Dissector. No further details have been provided. |
| 6902 | Ethereal ISAKMP Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the ISAKMP Dissector. No further details have been provided. |
| 6901 | Ethereal 802.11 Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the 802.11 Dissector. No further details have been provided. |
| 6900 | Ethereal DNS Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the DNS Dissector. No further details have been provided. |
| 6899 | Ethereal WTP Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the WTP Dissector. No further details have been provided. |
| 4480 | Ethereal BGP Dissector String Handling Flaw Ethereal contains a flaw related to the string handling in the BGP Dissector. No further details have been provided. |
| 4479 | Ethereal tvb_get_nstringz0 Zero-length Overflow A remote overflow exists in Ethereal. The tvb_get_nstringz0 function fails to properly handle zero-length buffer sizes resulting in a buffer overflow. With a specially crafted packet, an attacker can potentially execute arbitrary code resulting in a loss of integrity and/or availability. |
| 4478 | Ethereal OSI Dissector Overflow A remote overflow exists in Ethereal. The OSI dissector fails to properly check bounds on the prefix length of IPv4 or IPv6 packets, resulting in a buffer overflow. With a specially crafted packet, an attacker can potentially execute arbitrary code resulting in a loss of integrity and/or availability. |
| 4477 | Ethereal DCERPC Dissector DoS Ethereal contains a flaw that may allow a remote denial of service. The issue can be triggered if the DCERPC decoder attempts to parse NDR strings and could result in Ethereal using all available memory resulting in a loss of availability for the service, and potentially the platform. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-324.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2003-070.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-077.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:32:41 |
|
