Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:542540
HistoryJun 12, 2003 - 12:00 a.m.

Ethereal DCE RPC dissector vulnerable to DoS

2003-06-1200:00:00
www.kb.cert.org
7

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

Overview

A vulnerability in Ethereal may allow a remote attacker to cause a denial of service.

Description

The Ethereal web site describes Ethereal as “a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.”

Ethereal includes the ability to examine packets containing DCE RPC data (DCE RPC is “a facility for calling a procedure on a remote machine as if it were a local procedure call”). The vulnerability exists in the way Ethereal’s DCE RPC dissector allocates memory. For more information, please see Ethereal’s announcement.

Impact

A remote attacker may be able to consume excessive amounts of memory, and potentially crash Ethereal.

Solution

Upgrade to Ethereal version 0.9.13.

Vendor Information

542540

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Ethereal __ Affected

Updated: June 12, 2003

Status

Affected

Vendor Statement

See <http://www.ethereal.com/appnotes/enpa-sa-00010.html&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23542540 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

The CERT/CC thanks Ethereal for publishing enpa-sa-00010, upon which this document is based.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2003-0428
Severity Metric: 7.50 Date Public:

Related

cvelist 1
cve 1
nessus 3
osv 1
openvas 2
debian 1
securityvulns 1
redhat 1
cvelist
cvelist
CVE-2003-0428
2003-06-18 04:00:00
cve
cve
CVE-2003-0428
2003-07-24 04:00:00
nessus
nessus
Debian DSA-324-1 : ethereal - several vulnerabilities
2004-09-29 00:00:00
Mandrake Linux Security Advisory : ethereal (MDKSA-2003:070)
2004-07-31 00:00:00
RHEL 2.1 : ethereal (RHSA-2003:077)
2004-07-06 00:00:00
osv
osv
ethereal - several vulnerabilities
2003-06-18 00:00:00
openvas
openvas
Debian Security Advisory DSA 324-1 (ethereal)
2008-01-17 00:00:00
Debian Security Advisory DSA 324-1 (ethereal)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA-324-1] New ethereal packages fix multiple vulnerabilities
2003-06-17 00:00:00
securityvulns
securityvulns
OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12
2003-11-10 00:00:00
redhat
redhat
(RHSA-2003:077) ethereal security update
2003-07-08 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON
Related for VU:542540
cvelist1cve1nessus3osv1openvas2debian1securityvulns1redhat1