ID OSVDB:2177
Type osvdb
Reporter Timo Sirainen
Modified 2003-06-11T00:00:00
Description
Vulnerability Description
Ethereal contains a flaw that may allow a remote denial of service. The issue can be triggered when the SPNEGO dissector is used and an invalid ASN.1 value is parsed, and will result in loss of availability for the service.
Solution Description
Upgrade to version 0.9.13 or higher, as it has been reported to fix this vulnerability. It is also possible to avoid the flaw with the following workaround: disable the SPNEGO protocol dissector by selecting Analyze->Enabled Protocols... and deselecting the SPNEGO-KRB5 protocol from the list.
Title
Ethereal SPNEGO Dissector DoS
Bulletin Family
software
Published
2003-06-11T00:00:00
CVE
CVE-2003-0430
CVSS
5.0 (AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/)
Affected Software
Ethereal 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 0.9.12
References
Vendor Specific Advisory URL: http://www.ethereal.com/appnotes/enpa-sa-00010.html
Vendor Specific Advisory URL: https://rhn.redhat.com/errata/RHSA-2003-203.html
Security Tracker: 1006974
Secunia Advisory ID: 9007 (https://secuniaresearch.flexerasoftware.com/advisories/9007/)
Related OSVDB ID: 4479 (https://vulners.com/osvdb/OSVDB:4479)
Related OSVDB ID: 4477 (https://vulners.com/osvdb/OSVDB:4477)
Related OSVDB ID: 4478 (https://vulners.com/osvdb/OSVDB:4478)
Related OSVDB ID: 4480 (https://vulners.com/osvdb/OSVDB:4480)
ISS X-Force ID: 12318
CVE-2003-0430 (https://vulners.com/cve/CVE-2003-0430)
Bugtraq ID: 7879