ethereal -- multiple vulnerabilities

2004-12-1400:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

89.9%

JSON

An Ethreal Security Advisories reports:

Issues have been discovered in the following protocol
dissectors:

Matthew Bing discovered a bug in DICOM dissection that
could make Ethereal crash.
An invalid RTP timestamp could make Ethereal hang and
create a large temporary file, possibly filling
available disk space.
The HTTP dissector could access previously-freed
memory, causing a crash.
Brian Caswell discovered that an improperly formatted
SMB packet could make Ethereal hang, maximizing CPU
utilization.

Impact: It may be possible to make Ethereal crash or run
arbitrary code by injecting a purposefully malformed
packet onto the wire or by convincing someone to read a
malformed packet trace file.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchethereal< 0.10.8UNKNOWN
FreeBSDanynoarchethereal-lite< 0.10.8UNKNOWN
FreeBSDanynoarchtethereal< 0.10.8UNKNOWN
FreeBSDanynoarchtethereal-lite< 0.10.8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	ethereal	< 0.10.8	UNKNOWN
FreeBSD	any	noarch	ethereal-lite	< 0.10.8	UNKNOWN
FreeBSD	any	noarch	tethereal	< 0.10.8	UNKNOWN
FreeBSD	any	noarch	tethereal-lite	< 0.10.8	UNKNOWN