Executive Summary
Summary | |
---|---|
Title | New ethereal packages fix buffer overflow |
Information | |||
---|---|---|---|
Name | DSA-653 | First vendor Publication | 2005-01-21 |
Vendor | Debian | Last vendor Modification | 2005-01-21 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Subscore | NA | Temporal Score | NA |
Exploitability Subscore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A buffer overflow has been detected in the X11 dissector of ethereal, a commonly used network traffic analyser. A remote attacker may be able to overflow a buffer using a specially crafted IP packet. More problems have been discovered which don't apply to the version in woody but are fixed in sid as well. For the stable distribution (woody) this problem has been fixed in version 0.9.4-1woody11. For the unstable distribution (sid) this problem has been fixed in version 0.10.9-1. We recommend that you upgrade your ethereal package. |
Original Source
Url : http://www.debian.org/security/2005/dsa-653 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9140 | |||
Oval ID: | oval:org.mitre.oval:def:9140 | ||
Title: | Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. | ||
Description: | Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 allows remote attackers to execute arbitrary code via a crafted packet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-0084 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5010966.nasl |
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5016846.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-27 (ethereal) File : nvt/glsa_200501_27.nasl |
2008-09-04 | Name : FreeBSD Ports: ethereal, ethereal-lite, tethereal, tethereal-lite File : nvt/freebsd_ethereal0.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 653-1 (ethereal) File : nvt/deb_653_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13113 | Ethereal X11 Protocol Dissector Overflow A remote overflow exists in Ethereal. The X11 protocol dissector fails to validate some unspecified strings resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_831a6a6679fa11d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFO |
2005-02-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-037.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200501-27.nasl - Type : ACT_GATHER_INFO |
2005-02-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-011.nasl - Type : ACT_GATHER_INFO |
2005-01-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-653.nasl - Type : ACT_GATHER_INFO |
2005-01-25 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-013.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:33:48 |