Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1127
HistoryJul 28, 2006 - 12:00 a.m.

ethereal - several

2006-07-2800:00:00
Google
osv.dev
8

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.04 Low

EPSS

Percentile

90.8%

JSON

Several remote vulnerabilities have been discovered in the Ethereal network
sniffer, which may lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2006-3628
    Ilja van Sprundel discovered that the FW-1 and MQ dissectors are
    vulnerable to format string attacks.
  • CVE-2006-3629
    Ilja van Sprundel discovered that the MOUNT dissector is vulnerable
    to denial of service through memory exhaustion.
  • CVE-2006-3630
    Ilja van Sprundel discovered off-by-one overflows in the NCP NMAS and
    NDPS dissectors.
  • CVE-2006-3631
    Ilja van Sprundel discovered a buffer overflow in the NFS dissector.
  • CVE-2006-3632
    Ilja van Sprundel discovered that the SSH dissector is vulnerable
    to denial of service through an infinite loop.

For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge6.

For the unstable distribution (sid) these problems have been fixed in
version 0.99.2-1 of wireshark, the sniffer formerly known as ethereal.

We recommend that you upgrade your ethereal packages.

Related

openvas 6
nessus 9
debian 1
altlinux 1
securityvulns 1
centos 2
gentoo 1
redhat 1
oraclelinux 1
cve 5
debiancve 5
ubuntucve 5
openvas
openvas
Debian: Security Advisory (DSA-1127)
2008-01-17 00:00:00
Debian Security Advisory DSA 1127-1 (ethereal)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200607-09 (wireshark ethereal)
2008-09-24 00:00:00
nessus
nessus
Debian DSA-1127-1 : ethereal - several vulnerabilities
2006-10-14 00:00:00
RHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0602)
2006-08-21 00:00:00
SuSE 10 Security Update : ethereal (ZYPP Patch Number 1930)
2007-12-13 00:00:00
debian
debian
[SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities
2006-07-28 05:41:07
altlinux
altlinux
Security fix for the ALT Linux 9 package wireshark version 0.99.2-alt1
2006-07-18 00:00:00
securityvulns
securityvulns
[ MDKSA-2006:128 ] - Updated wireshark packages fix numerous vulnerabilities
2006-07-22 00:00:00
centos
centos
wireshark security update
2006-08-16 23:38:08
wireshark security update
2006-08-16 19:29:57
gentoo
gentoo
Wireshark: Multiple vulnerabilities
2006-07-25 00:00:00
redhat
redhat
(RHSA-2006:0602) wireshark security update (was ethereal)
2006-08-16 00:00:00
oraclelinux
oraclelinux
Moderate wireshark security update
2006-12-07 00:00:00
cve
cve
CVE-2006-3629
2006-07-21 14:03:00
CVE-2006-3632
2006-07-21 14:03:00
CVE-2006-3630
2006-07-21 14:03:00
debiancve
debiancve
CVE-2006-3629
2006-07-21 14:03:00
CVE-2006-3630
2006-07-21 14:03:00
CVE-2006-3632
2006-07-21 14:03:00
ubuntucve
ubuntucve
CVE-2006-3630
2006-07-21 00:00:00
CVE-2006-3632
2006-07-21 00:00:00
CVE-2006-3631
2006-07-21 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.04 Low

EPSS

Percentile

90.8%

JSON
Related for OSV:DSA-1127
openvas6nessus9debian1altlinux1securityvulns1centos2gentoo1redhat1oraclelinux1cve5debiancve5ubuntucve5