Search...

Ethereal IGAP Protocol Dissector Message Overflow

2003-12-10T00:00:00

ID OSVDB:6888
Type osvdb
Reporter Stefan Esser(sesser@hardened-php.net)
Modified 2003-12-10T00:00:00

Description

Vulnerability Description

A remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the "message" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.

Solution Description

Upgrade to version 0.10.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector

Short Description

References:

JSON Vulners Source

Initial Source

{"title": "Ethereal IGAP Protocol Dissector Message Overflow", "published": "2003-12-10T00:00:00", "references": [], "type": "osvdb", "enchantments": {"vulnersScore": 7.5}, "cvelist": ["CVE-2004-0176"], "viewCount": 0, "affectedSoftware": [{"version": "0.8.20", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.16", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.15", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.14", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.19", "name": "Ethereal", "operator": "eq"}, {"version": "0.9.x", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.18", "name": "Ethereal", "operator": "eq"}, {"version": "0.8.17-a", "name": "Ethereal", "operator": "eq"}], "hash": "91e70fe56deef32930b8d1228beab1fdad2dbffe795a858c227ef1ff862b2204", "id": "OSVDB:6888", "modified": "2003-12-10T00:00:00", "history": [], "href": "https://vulners.com/osvdb/OSVDB:6888", "hashmap": [{"hash": "f679d346800ff98988cf10aee9c75cac", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "e998f0afc810c7ebcdaded3f1ca5951d", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "5880c21c1307d22adbbd03724755f963", "key": "description"}, {"hash": "2236c2aa1c6fccd360ba02f2fd5b418b", "key": "href"}, {"hash": "fde9a25ef7fddb3d06e1a9716f235df9", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "fde9a25ef7fddb3d06e1a9716f235df9", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "93ba29132b36a861ff8404af2e08dae6", "key": "reporter"}, {"hash": "ea112473ca61e9aa42366cc9a54fe5fb", "key": "title"}, {"hash": "1327ac71f7914948578f08c54f772b10", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the \"message\" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.10.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the \"message\" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "bulletinFamily": "software", "reporter": "Stefan Esser(sesser@hardened-php.net)", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/", "score": 5.0}, "lastseen": "2017-04-28T13:20:01"}

{"result": {"cve": [{"id": "CVE-2004-0176", "type": "cve", "title": "CVE-2004-0176", "description": "Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.", "published": "2004-05-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0176", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-10-11T11:05:54"}], "cert": [{"id": "VU:119876", "type": "cert", "title": "Ethereal contains multiple vulnerabilities in the EIGRP protocol dissector", "description": "### Overview\n\nEthereal contains multiple vulnerabilities in the Enhanced Interior Gateway Routing Protocol (EIGRP) protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing EIGRP data. There are two buffer overflow vulnerabilities in the way the EIGRP protocol dissector decodes packets containing EIGRP data. These vulnerabilities could be exploited by a remote, unauthenticated attacker by sending a specially crafted EIGRP packet containing overly long IP address values. Exploitation of these vulnerabilities could result in arbitrary code execution. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the EIGRP protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.8.x and 0.9.x) \n\n1) Select Edit->Protocols \n2) Deselect the EIGRP protocol dissector from the list \n(for Ethereal versions 0.10.x) \n\n1) Select Analyze->Enabled Protocols \n2) Disable the EIGRP protocol dissector from the list by unchecking its \"Status\" checkbox \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 24 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23119876 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting these vulnerabilities.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 24 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 17\n\n", "published": "2004-03-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/119876", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "lastseen": "2016-02-03T09:13:17"}, {"id": "VU:740188", "type": "cert", "title": "Ethereal IrDA dissector plugin fails to properly parse IRCOM_PORT_NAME parameter", "description": "### Overview\n\nEthereal contains a vulnerability in the way the Infrared Data Association (IrDA) dissector plugin parses the IRCOM_PORT_NAME parameter.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing IrDA data. There is a vulnerability in the way the IrDA dissector plugin decodes the IRCOM_PORT_NAME parameter. By sending an IrDA packet containing an overly long portname, a remote unauthenticated attacker could cause Ethereal to crash or potentially execute code of the attacker's choice. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could cause Ethereal to crash or potentially execute code of the attacker's choice. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 25 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23740188 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n * <http://www.irda.org/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 25 Mar 2004\n * Date Last Updated: 06 Apr 2004\n * Severity Metric: 4.04\n * Document Revision: 11\n\n", "published": "2004-03-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/740188", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "lastseen": "2016-02-03T09:12:52"}, {"id": "VU:591820", "type": "cert", "title": "Ethereal fails to properly decode Transaction IDs within TCAP packets", "description": "### Overview\n\nEthereal contains a vulnerability in the way the Transaction Capabilities Application Part ([TCAP](<http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-sigtran-tcap-perf-req-00.txt>)) protocol dissector parses ASN.1 encoded Transaction IDs within TCAP packets.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing TCAP[](<http://www.ietf.org/rfc/rfc2865.txt>) data. The TCAP protocol is designed to enable advanced network telephony services between signaling points. For instance, when dialing an 800, 888, or 900 number, TCAP is used to determine the routing numbers for these digits. \n\nAccording to an [IETF Draft](<http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-sigtran-tcap-perf-req-00.txt>), \n\n\n_TCAP messages are designed for accessing databases or other switches to retrieve information or invoke features. TCAP enables the deployment of advanced intelligent network services by supporting non-circuit related information exchange between signaling points using the signaling connection control part (SCCP) connectionless service for message transport._ \n_..._ \n \n_The Transaction ID is a reference to correlate messages within the same transaction and associate the TCAP transaction with a specific application at the originating and destination signaling points._ \nThere is a buffer overflow vulnerability in the way the TCAP protocol dissector parses ASN.1 encoded Transaction IDs within TCAP packets. Exploitation of this vulnerability could allow for arbitrary code execution. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade** \nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the TCAP protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.9.x) \n\n1) Select Edit->Protocols \n2) Deselect the TCAP protocol dissector from the list \n(for Ethereal versions 0.10.x) \n\n1) Select Analyze->Enabled Protocols \n2) Disable the TCAP protocol dissector from the list by unchecking its \"Status\" checkbox \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 25 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23591820 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n * <http://www.ietf.org/proceedings/99nov/I-D/draft-ietf-sigtran-tcap-perf-req-00.txt>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 25 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 17\n\n", "published": "2004-03-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/591820", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "lastseen": "2016-02-03T09:13:07"}, {"id": "VU:644886", "type": "cert", "title": "Ethereal fails to properly parse NetFlow UDP packets with an overly large template_entry count", "description": "### Overview\n\nEthereal fails to properly parse v9_template structures in NetFlow UDP packets with an overly large template_entry count. This could allow an attacker to execute arbitrary code.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing NetFlow data. There is a buffer overflow vulnerability in the way the NetFlow v9 dissector parses v9_template structures in a NetFlow UDP packet. A remote, unauthenticated attacker could exploit this vulnerability by sending a NetFlow UDP packet containing an overly large template_entry count which could allow for arbitrary code execution. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the NetFlow protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.9.x) \n\n1) Select Edit->Protocols \n2) Deselect the NetFlow protocol dissector from the list \n(for Ethereal versions 0.10.x) \n\n1) Select Analyze->Enabled Protocols \n2) Disable the CFLOW (Cisco NetFlow) protocol dissector from the list by unchecking its \"Status\" checkbox \nHowever, it is strongly encouraged to upgrade to version 0.10.3 or later. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 24 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23644886 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 24 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 25\n\n", "published": "2004-03-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/644886", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "lastseen": "2016-02-03T09:13:01"}, {"id": "VU:659140", "type": "cert", "title": "Ethereal ISUP protocol dissector fails to properly decode ISUP packets", "description": "### Overview\n\nEthereal fails to properly decode ISDN User Part (ISUP) packets containing an overly long Interworking Function Address (IWFA) value.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing ISUP data. There is a vulnerability in the way the ISUP protocol dissector decodes the IWFA value. By sending an ISUP packet containing an overly long IWFA value, a remote, unauthenticated attacker could execute arbitrary code. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the ISUP protocol dissector by performing the following actions in Ethereal: \n \n(for Ethereal versions 0.9.x) \n\n1) Select Edit->Protocols \n2) Deselect the ISUP protocol dissector from the list \n(for Ethereal versions 0.10.x) \n\n1) Select Analyze->Enabled Protocols \n2) Disable the ISUP protocol dissector from the list by unchecking its \"Status\" checkbox \nHowever, it is strongly encouraged to upgrade to version 0.10.3 or later. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 25 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23659140 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting this vulnerability.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 25 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 10\n\n", "published": "2004-03-25T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/659140", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "lastseen": "2016-02-03T09:12:36"}, {"id": "VU:864884", "type": "cert", "title": "Ethereal contains multiple vulnerabilities in the IGAP protocol dissector", "description": "### Overview\n\nEthereal contains multiple buffer overflows in the Internet Group Membership Authentication Protocol (IGAP[](<http://www.ethereal.com/docs/dfref/i/igap.html>)) protocol dissector. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code.\n\n### Description\n\nEthereal is a network traffic analysis package. It includes the ability to decode packets containing IGAP data. There are two buffer overflow vulnerabilities in the way the IGAP protocol dissector decodes packets containing IGAP data. These vulnerabilities could be exploited by a remote, unauthenticated attacker by sending a specially crafted IGAP packet containing an overly long value for the `accountname` or `message`. Exploitation of these vulnerabilities could result in arbitrary code execution. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker could execute arbitrary code on the vulnerable system. \n \n--- \n \n### Solution\n\n**Upgrade**\n\nUpgrade to version 0.10.3 or later. \n \nNote: Ethereal is considered BETA software at this time. \n \n--- \n \n \n**Disable Dissector** \n \nIf you are unable to upgrade to version 0.10.3 or later, you can disable the IGAP protocol dissector by performing the following actions in Ethereal: \n\n\n1) Select Analyze->Enabled Protocols \n2) Disable the IGAP protocol dissector from the list by unchecking its \"Status\" checkbox \nHowever, it is strongly encouraged to upgrade to version 0.10.3 or later. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nEthereal| | -| 24 Mar 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23864884 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://security.e-matters.de/advisories/032004.html>\n * <http://www.ethereal.com/appnotes/enpa-sa-00013.html>\n * <http://secunia.com/advisories/11185/>\n\n### Credit\n\nEthereal credits Stefan Esser for reporting these vulnerabilities.\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0176](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0176>)\n * Date Public: 22 Mar 2004\n * Date First Published: 24 Mar 2004\n * Date Last Updated: 25 Mar 2004\n * Severity Metric: 9.82\n * Document Revision: 19\n\n", "published": "2004-03-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/864884", "cvelist": ["CVE-2004-0176", "CVE-2004-0176"], "lastseen": "2016-02-03T09:13:19"}], "osvdb": [{"id": "OSVDB:4490", "type": "osvdb", "title": "Ethereal NetFlow v9 Dissector Template Caching Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The NetFlow v9 Dissector fails to check the bounds of the template_entry variable resulting in a caching overflow. With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of integrity.\n\n## Solution Description\nUpgrade to version 0.9.10 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The NetFlow v9 Dissector fails to check the bounds of the template_entry variable resulting in a caching overflow. With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of integrity.\n\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "published": "2004-03-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:4490", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-04-28T13:19:59"}, {"id": "OSVDB:6890", "type": "osvdb", "title": "Ethereal EIGRP Protocol TLV_IP_EXT Long IP Address Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The EIGRP Dissector fails to check the bounds of the \"TLV_IP_EXT\" variable resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.8.14 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The EIGRP Dissector fails to check the bounds of the \"TLV_IP_EXT\" variable resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "published": "2000-11-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:6890", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-04-28T13:20:01"}, {"id": "OSVDB:6898", "type": "osvdb", "title": "Ethereal UCP Dissector Handle Time-Field Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Time field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.\n## Solution Description\nUpgrade to version 0.9.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Time field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "published": "2001-10-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:6898", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-04-28T13:20:01"}, {"id": "OSVDB:6893", "type": "osvdb", "title": "Ethereal BGP Dissector MPLS Label Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The BGP Dissector fails to check the bounds of the IPv6 label resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, exploitation would be extremely difficult.\n## Solution Description\nUpgrade to version 0.10.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The BGP Dissector fails to check the bounds of the IPv6 label resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, exploitation would be extremely difficult.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\nCIAC Advisory: o-105\nCERT VU: 119876\n", "published": "2004-01-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:6893", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-04-28T13:20:01"}, {"id": "OSVDB:6897", "type": "osvdb", "title": "Ethereal UCP Dissector Handle Int-Field Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Integer field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.\n## Solution Description\nUpgrade to version 0.9.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Integer field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "published": "2001-10-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:6897", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-04-28T13:20:01"}, {"id": "OSVDB:6887", "type": "osvdb", "title": "Ethereal IGAP Protocol Dissector Account Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the \"accountname\" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.10.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the \"accountname\" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "published": "2003-12-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:6887", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-04-28T13:20:01"}, {"id": "OSVDB:6895", "type": "osvdb", "title": "Ethereal TCAP Dissector TID Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The TCAP Dissector fails to check the bounds of the ASN.1 encoded Transaction ID resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary coderesulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.9.16 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The TCAP Dissector fails to check the bounds of the ASN.1 encoded Transaction ID resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary coderesulting in a loss of integrity.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "published": "2003-10-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:6895", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-04-28T13:20:01"}, {"id": "OSVDB:6891", "type": "osvdb", "title": "Ethereal PGM Dissector NakList Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The PGM Dissector fails to check the bounds of the Naklist resulting in a integer underflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, code execution would be extremely difficult.\n## Solution Description\nUpgrade to version 0.8.19 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The PGM Dissector fails to check the bounds of the Naklist resulting in a integer underflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, code execution would be extremely difficult.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "published": "2001-07-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:6891", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-04-28T13:20:01"}, {"id": "OSVDB:6894", "type": "osvdb", "title": "Ethereal ISUP Dissector INTERWORKING FUNCTION ADDRESS Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The ISUP Dissector fails to check the bounds of the IWFA resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.9.16 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The ISUP Dissector fails to check the bounds of the IWFA resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6892](https://vulners.com/osvdb/OSVDB:6892)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "published": "2003-10-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:6894", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-04-28T13:20:01"}, {"id": "OSVDB:6892", "type": "osvdb", "title": "Ethereal IRDA Dissector Plugin IRCOM_PORT_NAME Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Ethereal. The IRDA Dissector Plugin fails to check the bounds of the \"IRCOM_PORT_NAME\" variable resulting in an overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, exploitation would be extremely difficult.\n## Solution Description\nUpgrade to version 0.10.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector\n## Short Description\nA remote overflow exists in Ethereal. The IRDA Dissector Plugin fails to check the bounds of the \"IRCOM_PORT_NAME\" variable resulting in an overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity. Due to the stacklayout, exploitation would be extremely difficult.\n## References:\nVendor URL: http://www.ethereal.com/\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-511)\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:024)\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00013.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835)\n[Secunia Advisory ID:11744](https://secuniaresearch.flexerasoftware.com/advisories/11744/)\n[Related OSVDB ID: 6888](https://vulners.com/osvdb/OSVDB:6888)\n[Related OSVDB ID: 6893](https://vulners.com/osvdb/OSVDB:6893)\n[Related OSVDB ID: 4490](https://vulners.com/osvdb/OSVDB:4490)\n[Related OSVDB ID: 6887](https://vulners.com/osvdb/OSVDB:6887)\n[Related OSVDB ID: 6889](https://vulners.com/osvdb/OSVDB:6889)\n[Related OSVDB ID: 6896](https://vulners.com/osvdb/OSVDB:6896)\n[Related OSVDB ID: 6894](https://vulners.com/osvdb/OSVDB:6894)\n[Related OSVDB ID: 6895](https://vulners.com/osvdb/OSVDB:6895)\n[Related OSVDB ID: 6898](https://vulners.com/osvdb/OSVDB:6898)\n[Related OSVDB ID: 6890](https://vulners.com/osvdb/OSVDB:6890)\n[Related OSVDB ID: 6891](https://vulners.com/osvdb/OSVDB:6891)\n[Related OSVDB ID: 6897](https://vulners.com/osvdb/OSVDB:6897)\nRedHat RHSA: RHSA-2004:136-09\nRedHat RHSA: RHSA-2004:137-07\nOther Advisory URL: http://security.e-matters.de/advisories/032004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html\nISS X-Force ID: 15569\n[CVE-2004-0176](https://vulners.com/cve/CVE-2004-0176)\n", "published": "2003-12-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:6892", "cvelist": ["CVE-2004-0176"], "lastseen": "2017-04-28T13:20:01"}], "nessus": [{"id": "DEBIAN_DSA-511.NASL", "type": "nessus", "title": "Debian DSA-511-1 : ethereal - buffer overflows", "description": "Several buffer overflow vulnerabilities were discovered in ethereal, a network traffic analyzer. These vulnerabilities are described in the ethereal advisory 'enpa-sa-00013'. Of these, only some parts of CAN-2004-0176 affect the version of ethereal in Debian woody.\nCAN-2004-0367 and CAN-2004-0365 are not applicable to this version.", "published": "2004-09-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=15348", "cvelist": ["CVE-2004-0176"], "lastseen": "2018-07-12T18:08:24"}, {"id": "FREEBSD_ETHEREAL_0103.NASL", "type": "nessus", "title": "FreeBSD : multiple vulnerabilities in ethereal (40)", "description": "The following package needs to be updated: ethereal", "published": "2004-07-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12537", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "lastseen": "2016-09-26T17:26:36"}, {"id": "MANDRAKE_MDKSA-2004-024.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : ethereal (MDKSA-2004:024)", "description": "A number of serious issues have been discovered in versions of Ethereal prior to 0.10.2. Stefan Esser discovered thirteen buffer overflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP dissectors. Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause Ethereal to crash. It was also found that a zero-length Presentation protocol selector could make Ethereal crash.\nFinally, a corrupt color filter file could cause a segmentation fault.\nIt is possible, through the exploitation of some of these vulnerabilities, to cause Ethereal to crash or run arbitrary code by injecting a malicious, malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file.\n\nThe updated packages bring Ethereal to version 0.10.3 which is not vulnerable to these issues.", "published": "2004-07-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14123", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "lastseen": "2017-10-29T13:40:31"}, {"id": "GENTOO_GLSA-200403-07.NASL", "type": "nessus", "title": "GLSA-200403-07 : Multiple remote overflows and vulnerabilities in Ethereal", "description": "The remote host is affected by the vulnerability described in GLSA-200403-07 (Multiple remote overflows and vulnerabilities in Ethereal)\n\n There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:\n\tThirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.\n \tA zero-length Presentation protocol selector could make Ethereal crash.\n \tA vulnerability in the RADIUS packet dissector which may crash ethereal.\n \tA corrupt color filter file could cause a segmentation fault.\n Impact :\n\n These vulnerabilities may cause Ethereal to crash or may allow an attacker to run arbitrary code on the user's computer.\n Workaround :\n\n While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package.", "published": "2004-08-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14458", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "lastseen": "2017-10-29T13:34:55"}, {"id": "FREEBSD_PKG_CDF18ED97F4A11D896450020ED76EF5A.NASL", "type": "nessus", "title": "FreeBSD : multiple vulnerabilities in ethereal (cdf18ed9-7f4a-11d8-9645-0020ed76ef5a)", "description": "Stefan Esser of e-matters Security discovered a baker's dozen of buffer overflows in Ethereal's decoders, including :\n\n- NetFlow\n\n- IGAP\n\n- EIGRP\n\n- PGM\n\n- IRDA\n\n- BGP\n\n- ISUP\n\n- TCAP\n\n- UCP\n\nIn addition, a vulnerability in the RADIUS decoder was found by Jonathan Heusser.\n\nFinally, there is one uncredited vulnerability described by the Ethereal team as :\n\nA zero-length Presentation protocol selector could make Ethereal crash.", "published": "2009-04-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=38151", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "lastseen": "2018-07-12T17:52:14"}, {"id": "REDHAT-RHSA-2004-136.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 : ethereal (RHSA-2004:136)", "description": "Updated Ethereal packages that fix various security vulnerabilities are now available.\n\nEthereal is a program for monitoring network traffic.\n\nStefan Esser reported that Ethereal versions 0.10.1 and earlier contain stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP dissectors. On a system where Ethereal is being run a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0176 to this issue.\n\nJonathan Heussser discovered that a carefully-crafted RADIUS packet could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0365 to this issue.\n\nEthereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0367 to this issue.\n\nUsers of Ethereal should upgrade to these updated packages, which contain a version of Ethereal that is not vulnerable to these issues.", "published": "2004-07-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12482", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176", "CVE-2004-1761"], "lastseen": "2017-10-29T13:32:56"}, {"id": "UBUNTU_USN-82-1.NASL", "type": "nessus", "title": "Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-82-1)", "description": "CAN-2004-0176 :\n\nMichael Kerrisk noticed an insufficient permission checking in the shmctl() function. Any process was permitted to lock/unlock any System V shared memory segment that fell within the the RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that unprivileged users can acquire). This allowed am unprivileged user process to unlock locked memory of other processes, thereby allowing them to be swapped out.\nUsually locked shared memory is used to store passphrases and other sensitive content which must not be written to the swap space (where it could be read out even after a reboot).\n\nCAN-2005-0177 :\n\nOGAWA Hirofumi noticed that the table sizes in nls_ascii.c were incorrectly set to 128 instead of 256. This caused a buffer overflow in some cases which could be exploited to crash the kernel.\n\nCAN-2005-0178 :\n\nA race condition was found in the terminal handling of the 'setsid()' function, which is used to start new process sessions.\n\nhttp://oss.sgi.com/archives/netdev/2005-01/msg01036.html :\n\nDavid Coulson noticed a design flaw in the netfilter/iptables module.\nBy sending specially crafted packets, a remote attacker could exploit this to crash the kernel or to bypass firewall rules.\n\nFixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means that third-party user installed modules might not work any more with the new kernel, so this fixed kernel has a new ABI version number. You have to recompile and reinstall all third-party modules.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2006-01-15T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20706", "cvelist": ["CVE-2005-0176", "CVE-2004-0176", "CVE-2005-0177", "CVE-2005-0178"], "lastseen": "2017-10-29T13:33:31"}], "exploitdb": [{"id": "EDB-ID:167", "type": "exploitdb", "title": "Ethereal 0.10.0-0.10.2 IGAP Overflow Remote Root Exploit", "description": "Ethereal 0.10.0-0.10.2 IGAP Overflow Remote Root Exploit. CVE-2004-0176. Remote exploit for linux platform", "published": "2004-03-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/167/", "cvelist": ["CVE-2004-0176"], "lastseen": "2016-01-31T11:51:07"}, {"id": "EDB-ID:170", "type": "exploitdb", "title": "Ethereal EIGRP Dissector TLV_IP_INT Long IP Remote DoS Exploit", "description": "Ethereal EIGRP Dissector TLV_IP_INT Long IP Remote DoS Exploit. CVE-2004-0176. Dos exploits for multiple platform", "published": "2004-03-26T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/170/", "cvelist": ["CVE-2004-0176"], "lastseen": "2016-01-31T11:51:30"}], "debian": [{"id": "DSA-511", "type": "debian", "title": "ethereal -- buffer overflows", "description": "Several buffer overflow vulnerabilities were discovered in ethereal, a network traffic analyzer. These vulnerabilities are described in the ethereal advisory \"enpa-sa-00013\". Of these, only some parts of [CAN-2004-0176](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176>) affect the version of ethereal in Debian woody. [CAN-2004-0367](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367>) and [CAN-2004-0365](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365>) are not applicable to this version.\n\nFor the current stable distribution (woody), these problems have been fixed in version 0.9.4-1woody7.\n\nFor the unstable distribution (sid), these problems have been fixed in version 0.10.3-1.\n\nWe recommend that you update your ethereal package.", "published": "2004-05-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-511", "cvelist": ["CVE-2004-0176"], "lastseen": "2016-09-02T18:36:31"}], "openvas": [{"id": "OPENVAS:54532", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200403-07 (ethereal)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200403-07.", "published": "2008-09-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54532", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "lastseen": "2017-07-24T12:49:53"}, {"id": "OPENVAS:52432", "type": "openvas", "title": "FreeBSD Ports: ethereal, tethereal", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52432", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "lastseen": "2017-07-02T21:10:11"}, {"id": "OPENVAS:53201", "type": "openvas", "title": "Debian Security Advisory DSA 511-1 (ethereal)", "description": "The remote host is missing an update to ethereal\nannounced via advisory DSA 511-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53201", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "lastseen": "2017-10-30T10:46:24"}], "freebsd": [{"id": "CDF18ED9-7F4A-11D8-9645-0020ED76EF5A", "type": "freebsd", "title": "multiple vulnerabilities in ethereal", "description": "\nStefan Esser of e-matters Security discovered a baker's dozen\n\t of buffer overflows in Ethereal's decoders, including:\n\nNetFlow\nIGAP\nEIGRP\nPGM\nIRDA\nBGP\nISUP\nTCAP\nUCP\n\nIn addition, a vulnerability in the RADIUS decoder was found\n\t by Jonathan Heusser.\nFinally, there is one uncredited vulnerability described by the\n\t Ethereal team as:\n\nA zero-length Presentation protocol selector could make\n\t Ethereal crash.\n\n", "published": "2004-03-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/cdf18ed9-7f4a-11d8-9645-0020ed76ef5a.html", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "lastseen": "2016-09-26T17:25:22"}], "gentoo": [{"id": "GLSA-200403-07", "type": "gentoo", "title": "Multiple remote overflows and vulnerabilities in Ethereal", "description": "### Background\n\nQuote from http://www.ethereal.com \n\n\"Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.\" \n\n### Description\n\nThere are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including:\n\n * Thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.\n * A zero-length Presentation protocol selector could make Ethereal crash.\n * A vulnerability in the RADIUS packet dissector which may crash ethereal.\n * A corrupt color filter file could cause a segmentation fault.\n\n### Impact\n\nThese vulnerabilities may cause Ethereal to crash or may allow an attacker to run arbitrary code on the user's computer. \n\n### Workaround\n\nWhile a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package. \n\n### Resolution\n\nAll users should upgrade to the current version of the affected package: \n \n \n # emerge sync\n \n # emerge -pv \">=net-analyzer/ethereal-0.10.3\"\n # emerge \">=net-analyzer/ethereal-0.10.3\"", "published": "2004-03-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200403-07", "cvelist": ["CVE-2004-0367", "CVE-2004-0365", "CVE-2004-0176"], "lastseen": "2016-09-06T19:46:17"}], "redhat": [{"id": "RHSA-2004:136", "type": "redhat", "title": "(RHSA-2004:136) ethereal security update", "description": "Ethereal is a program for monitoring network traffic.\n\nStefan Esser reported that Ethereal versions 0.10.1 and earlier contain\nstack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP dissectors.\n On a system where Ethereal is being run a remote attacker could send\nmalicious packets that could cause Ethereal to crash or execute arbitrary\ncode. The Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0176 to this issue.\n\nJonathan Heussser discovered that a carefully-crafted RADIUS packet could\ncause a crash. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0365 to this issue.\n\nEthereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of\nservice (crash) via a zero-length Presentation protocol selector. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2004-0367 to this issue.\n\nUsers of Ethereal should upgrade to these updated packages, which contain\na version of Ethereal that is not vulnerable to these issues.", "published": "2004-03-30T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2004:136", "cvelist": ["CVE-2004-0176", "CVE-2004-0365", "CVE-2004-0367", "CVE-2004-1761"], "lastseen": "2018-05-11T21:14:37"}], "ubuntu": [{"id": "USN-82-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "CAN-2004-0176:\n\nMichael Kerrisk noticed an insufficient permission checking in the shmctl() function. Any process was permitted to lock/unlock any System V shared memory segment that fell within the the RLIMIT_MEMLOCK limit (that is the maximum size of shared memory that unprivileged users can acquire). This allowed am unprivileged user process to unlock locked memory of other processes, thereby allowing them to be swapped out. Usually locked shared memory is used to store passphrases and other sensitive content which must not be written to the swap space (where it could be read out even after a reboot).\n\nCAN-2005-0177:\n\nOGAWA Hirofumi noticed that the table sizes in nls_ascii.c were incorrectly set to 128 instead of 256. This caused a buffer overflow in some cases which could be exploited to crash the kernel.\n\nCAN-2005-0178:\n\nA race condition was found in the terminal handling of the \u201csetsid()\u201d function, which is used to start new process sessions.\n\n<http://oss.sgi.com/archives/netdev/2005-01/msg01036.html:>\n\nDavid Coulson noticed a design flaw in the netfilter/iptables module. By sending specially crafted packets, a remote attacker could exploit this to crash the kernel or to bypass firewall rules.\n\nFixing this vulnerability required a change in the Application Binary Interface (ABI) of the kernel. This means that third party user installed modules might not work any more with the new kernel, so this fixed kernel has a new ABI version number. You have to recompile and reinstall all third party modules.", "published": "2005-02-15T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/82-1/", "cvelist": ["CVE-2005-0176", "CVE-2004-0176", "CVE-2005-0449", "CVE-2005-0177", "CVE-2005-0178"], "lastseen": "2018-03-29T18:21:33"}], "suse": [{"id": "SUSE-SA:2004:012", "type": "suse", "title": "local privilege escalation in mc", "description": "The Midnight Commander (mc) is a file manager for the console. The mc code is vulnerable to several security related bugs like buffer overflows, incorrect format string handling and insecure usage of temporary files. These bugs can be exploited by local users to gain access to the privileges of the user running mc.", "published": "2004-05-14T14:09:57", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-05/msg00007.html", "cvelist": ["CVE-2004-0367", "CVE-2004-0176", "CVE-2004-0232", "CVE-2004-0400", "CVE-2004-0113", "CVE-2004-0226", "CVE-2004-0174", "CVE-2003-0020", "CVE-2004-0231"], "lastseen": "2016-09-04T11:40:16"}]}}