Search...

Ethereal RSVP Dissector Malformed Packet Core Dump DoS

2002-06-28T09:43:00

ID OSVDB:6921
Type osvdb
Reporter OSVDB
Modified 2002-06-28T09:43:00

Description

Solution Description

Upgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Related OSVDB ID: 4474 Related OSVDB ID: 4475 Related OSVDB ID: 6923 Related OSVDB ID: 4476 Related OSVDB ID: 6922 Generic Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html CVE-2002-0834 CVE-2002-0821 CVE-2002-0822

JSON Vulners Source

Initial Source

{"edition": 1, "title": "Ethereal RSVP Dissector Malformed Packet Core Dump DoS", "bulletinFamily": "software", "published": "2002-06-28T09:43:00", "lastseen": "2017-04-28T13:20:01", "history": [], "modified": "2002-06-28T09:43:00", "reporter": "OSVDB", "hash": "8df8e5a20896a5365a7c1fcc24b3b91170248749116b078b6c076f26dfd6c7a6", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:6921", "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 6923](https://vulners.com/osvdb/OSVDB:6923)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\n[Related OSVDB ID: 6922](https://vulners.com/osvdb/OSVDB:6922)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "affectedSoftware": [], "type": "osvdb", "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "a079cd423e535a8e267580811350c130"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "566c52c91ed8d90e525b48c28a4460da"}, {"key": "href", "hash": "cffcc3e77eaeeca385c9addacad8f457"}, {"key": "modified", "hash": "55aaabab1d643727f4054934a3739819"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "55aaabab1d643727f4054934a3739819"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "bad496dcb00d409caf8bf1abefe86472"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "id": "OSVDB:6921"}

{"cve": [{"lastseen": "2016-09-03T03:27:59", "references": ["http://www.ethereal.com/appnotes/enpa-sa-00005.html", "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505"], "description": "Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.", "edition": 1, "reporter": "NVD", "published": "2002-08-12T00:00:00", "title": "CVE-2002-0821", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T03:27:59", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2002-0821"], "scanner": [], "cpe": ["cpe:/a:ethereal_group:ethereal:0.9.4"], "modified": "2008-09-05T16:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0821", "id": "CVE-2002-0821", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T03:28:01", "references": ["http://www.ethereal.com/appnotes/enpa-sa-00005.html", "http://www.securityfocus.com/bid/5167"], "description": "Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.", "edition": 1, "reporter": "NVD", "published": "2002-08-12T00:00:00", "title": "CVE-2002-0822", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T03:28:01", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2002-0822"], "scanner": [], "cpe": ["cpe:/a:ethereal_group:ethereal:0.9.4"], "modified": "2008-09-05T16:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0822", "id": "CVE-2002-0822", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T03:28:14", "references": ["http://www.ethereal.com/appnotes/enpa-sa-00006.html"], "description": "Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.", "edition": 1, "reporter": "NVD", "published": "2002-09-24T00:00:00", "title": "CVE-2002-0834", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T03:28:14", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2002-0834"], "scanner": [], "cpe": ["cpe:/a:ethereal_group:ethereal:0.8", "cpe:/a:ethereal_group:ethereal:0.9.1", "cpe:/a:ethereal_group:ethereal:0.9.3", "cpe:/a:ethereal_group:ethereal:0.9_.0", "cpe:/a:ethereal_group:ethereal:0.9.5", "cpe:/a:ethereal_group:ethereal:0.9.4", "cpe:/a:ethereal_group:ethereal:0.9.2", "cpe:/a:ethereal_group:ethereal:0.8.18"], "modified": "2008-09-10T15:12:59", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0834", "id": "CVE-2002-0834", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-06-28T09:43:00", "title": "Ethereal WCP Dissector Large Frame Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-06-28T09:43:00", "id": "OSVDB:6920", "href": "https://vulners.com/osvdb/OSVDB:6920", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\n[Related OSVDB ID: 6921](https://vulners.com/osvdb/OSVDB:6921)\n[Related OSVDB ID: 6922](https://vulners.com/osvdb/OSVDB:6922)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-06-28T09:43:00", "title": "Ethereal LMP Dissector Malformed Packet Core Dump DoS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-06-28T09:43:00", "href": "https://vulners.com/osvdb/OSVDB:6923", "id": "OSVDB:6923", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:59", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 6920](https://vulners.com/osvdb/OSVDB:6920)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-06-28T09:43:00", "type": "osvdb", "title": "Ethereal BGP Dissector Remote Overflow", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-06-28T09:43:00", "href": "https://vulners.com/osvdb/OSVDB:4476", "id": "OSVDB:4476", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 6923](https://vulners.com/osvdb/OSVDB:6923)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\n[Related OSVDB ID: 6921](https://vulners.com/osvdb/OSVDB:6921)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-06-28T09:43:00", "title": "Ethereal AFS Dissector Malformed Packet Core Dump DoS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-06-28T09:43:00", "id": "OSVDB:6922", "href": "https://vulners.com/osvdb/OSVDB:6922", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:59", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00006.html)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-08-20T09:43:00", "type": "osvdb", "title": "Ethereal ISIS Dissector Remote Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-08-20T09:43:00", "href": "https://vulners.com/osvdb/OSVDB:4474", "id": "OSVDB:4474", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:59", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 6923](https://vulners.com/osvdb/OSVDB:6923)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\n[Related OSVDB ID: 6921](https://vulners.com/osvdb/OSVDB:6921)\n[Related OSVDB ID: 6922](https://vulners.com/osvdb/OSVDB:6922)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-06-28T09:43:00", "type": "osvdb", "title": "Ethereal SOCKS Dissector Malformed Packet Core Dump DoS", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-06-28T09:43:00", "href": "https://vulners.com/osvdb/OSVDB:4475", "id": "OSVDB:4475", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-11-16T04:52:41", "references": ["http://ethereal.archive.sunet.se/appnotes/enpa-sa-00006.html", "https://access.redhat.com/security/cve/cve-2002-0402", "https://access.redhat.com/errata/RHSA-2002:170", "https://access.redhat.com/security/cve/cve-2002-0834", "https://access.redhat.com/security/cve/cve-2002-0822", "http://ethereal.archive.sunet.se/appnotes/enpa-sa-00005.html", "https://access.redhat.com/security/cve/cve-2002-0404", "https://access.redhat.com/security/cve/cve-2002-0821", "http://ethereal.archive.sunet.se/appnotes/enpa-sa-00004.html", "https://access.redhat.com/security/cve/cve-2002-0403"], "pluginID": "12319", "description": "Updated ethereal packages are available which fix several security problems.\n\nEthereal is a package designed for monitoring network traffic on your system. Several security issues have been found in the Ethereal packages distributed with Red Hat Linux Advanced Server :\n\nBuffer overflow in Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via the ISIS dissector. (CVE-2002-0834)\n\nBuffer overflows in Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. (CVE-2002-0821)\n\nEthereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump (CVE-2002-0822)\n\nA buffer overflow in the X11 dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.\n(CVE-2002-0402)\n\nThe DNS dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. (CVE-2002-0403)\n\nA vulnerability in the GIOP dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (memory consumption).\n(CVE-2002-0404)\n\nUsers of Ethereal should update to the errata packages containing Ethereal version 0.9.6 which is not vulnerable to these issues.", "edition": 7, "reporter": "Tenable", "published": "2004-07-06T00:00:00", "title": "RHEL 2.1 : ethereal (RHSA-2002:170)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0403", "CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0404", "CVE-2002-0402", "CVE-2002-0834"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:ethereal-gnome", "p-cpe:/a:redhat:enterprise_linux:ethereal"], "id": "REDHAT-RHSA-2002-170.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12319", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2002:170. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12319);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/11/15 11:40:29\");\n\n script_cve_id(\"CVE-2002-0402\", \"CVE-2002-0403\", \"CVE-2002-0404\", \"CVE-2002-0821\", \"CVE-2002-0822\", \"CVE-2002-0834\");\n script_xref(name:\"RHSA\", value:\"2002:170\");\n\n script_name(english:\"RHEL 2.1 : ethereal (RHSA-2002:170)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ethereal packages are available which fix several security\nproblems.\n\nEthereal is a package designed for monitoring network traffic on your\nsystem. Several security issues have been found in the Ethereal\npackages distributed with Red Hat Linux Advanced Server :\n\nBuffer overflow in Ethereal 0.9.5 and earlier allows remote attackers\nto cause a denial of service or execute arbitrary code via the ISIS\ndissector. (CVE-2002-0834)\n\nBuffer overflows in Ethereal 0.9.4 and earlier allows remote attackers\nto cause a denial of service or execute arbitrary code via (1) the BGP\ndissector, or (2) the WCP dissector. (CVE-2002-0821)\n\nEthereal 0.9.4 and earlier allows remote attackers to cause a denial\nof service and possibly execute arbitrary code via the (1) SOCKS, (2)\nRSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump\n(CVE-2002-0822)\n\nA buffer overflow in the X11 dissector in Ethereal before 0.9.4 allows\nremote attackers to cause a denial of service (crash) and possibly\nexecute arbitrary code while Ethereal is parsing keysyms.\n(CVE-2002-0402)\n\nThe DNS dissector in Ethereal before 0.9.4 allows remote attackers to\ncause a denial of service (CPU consumption) via a malformed packet\nthat causes Ethereal to enter an infinite loop. (CVE-2002-0403)\n\nA vulnerability in the GIOP dissector in Ethereal before 0.9.4 allows\nremote attackers to cause a denial of service (memory consumption).\n(CVE-2002-0404)\n\nUsers of Ethereal should update to the errata packages containing\nEthereal version 0.9.6 which is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-0402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-0403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-0404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-0821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-0822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-0834\"\n );\n # http://www.ethereal.com/appnotes/enpa-sa-00006.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00006.html\"\n );\n # http://www.ethereal.com/appnotes/enpa-sa-00005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00005.html\"\n );\n # http://www.ethereal.com/appnotes/enpa-sa-00004.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2002:170\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ethereal and / or ethereal-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ethereal-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2002:170\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ethereal-0.9.6-0.AS21.0\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ethereal-gnome-0.9.6-0.AS21.0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ethereal / ethereal-gnome\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:12", "references": ["http://www.debian.org/security/2002/dsa-162"], "pluginID": "14999", "description": "Ethereal developers discovered a buffer overflow in the ISIS protocol dissector. It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.", "edition": 5, "reporter": "Tenable", "published": "2004-09-29T00:00:00", "title": "Debian DSA-162-1 : ethereal - buffer overflow", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0834"], "modified": "2018-07-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ethereal", "cpe:/o:debian:debian_linux:2.2", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-162.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14999", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-162. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14999);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/20 2:17:10\");\n\n script_cve_id(\"CVE-2002-0834\");\n script_bugtraq_id(5573);\n script_xref(name:\"DSA\", value:\"162\");\n\n script_name(english:\"Debian DSA-162-1 : ethereal - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ethereal developers discovered a buffer overflow in the ISIS protocol\ndissector. It may be possible to make Ethereal crash or hang by\ninjecting a purposefully malformed packet onto the wire, or by\nconvincing someone to read a malformed packet trace file. It may be\npossible to make Ethereal run arbitrary code by exploiting the buffer\nand pointer problems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2002/dsa-162\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ethereal packages.\n\nThis problem has been fixed in version 0.9.4-1woody2 for the current\nstable distribution (woody), in version 0.8.0-4potato.1 for the old\nstable distribution (potato) and in version 0.9.6-1 for the unstable\ndistribution (sid).\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"ethereal\", reference:\"0.8.0-4potato.1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ethereal\", reference:\"0.9.4-1woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ethereal-common\", reference:\"0.9.4-1woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ethereal-dev\", reference:\"0.9.4-1woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"tethereal\", reference:\"0.9.4-1woody2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:02", "references": [], "affectedPackage": [], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 162-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nSeptember 6th, 2002 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ethereal\nVulnerability : buffer overflow\nProblem-Type : remote\nDebian-specific: no\nCVE Id : CAN-2002-0834\nBugTraq Id : 5573\n\nEthereal developers discovered a buffer overflow in the ISIS protocol\ndissector. It may be possible to make Ethereal crash or hang by\ninjecting a purposefully malformed packet onto the wire, or by\nconvincing someone to read a malformed packet trace file. It may be\npossible to make Ethereal run arbitrary code by exploiting the buffer\nand pointer problems.\n\nThis problem has been fixed in version 0.9.4-1woody2 for the current\nstable stable distribution (woody), in version 0.8.0-4potato.1 for\nthe old stable distribution (potato) and in version 0.9.6-1 for the\nunstable distribution (sid).\n\nWe recommend that you upgrade your ethereal packages.\n\nwget url\n\twill fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 2.2 alias potato\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1.dsc\n Size/MD5 checksum: 628 ab3421f7cfe2592bcae97ee21d2037f0\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1.diff.gz\n Size/MD5 checksum: 52487 8f845d3572e699bd09ed8b7590ef5c8c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0.orig.tar.gz\n Size/MD5 checksum: 1033560 297ae32cc23a154497dad6a1f964bdb1\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_alpha.deb\n Size/MD5 checksum: 725082 8ce2153f5f27d7f6c22aa45187c85a6b\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_arm.deb\n Size/MD5 checksum: 559580 da451f098a62af65f67c5c93dedff929\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_i386.deb\n Size/MD5 checksum: 520452 c04c0c6253dc91ea8f773cb1607258df\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_m68k.deb\n Size/MD5 checksum: 489770 dd7d17f57ed7b44922453f72d483c55d\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_powerpc.deb\n Size/MD5 checksum: 573334 13d6a9f30560b0d7056bb2938d62c5bf\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_sparc.deb\n Size/MD5 checksum: 554286 7540dd04b2f43db168b579a5b5e4640e\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2.dsc\n Size/MD5 checksum: 679 3422eaafcc0c6790921c2fadcfb45c21\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2.diff.gz\n Size/MD5 checksum: 34257 9ba55fbe1973fa07eaea17ceddb0a47b\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz\n Size/MD5 checksum: 3278908 42e999daa659820ee93aaaa39ea1e9ea\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_alpha.deb\n Size/MD5 checksum: 1939060 dfb7750119b7688c3d8d8650d17f0d7c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_alpha.deb\n Size/MD5 checksum: 333594 56dff0c9ce5c97aa17b7ddec5764fc7e\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_alpha.deb\n Size/MD5 checksum: 221390 7387c42257ef764a2ff02af5f6f10800\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_alpha.deb\n Size/MD5 checksum: 1705962 f8269a5cb64515afe3a4c898e2e35b81\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_arm.deb\n Size/MD5 checksum: 1633044 e90d102738aeb2534c7e70acb7873c73\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_arm.deb\n Size/MD5 checksum: 296362 20785f615601377d95a35c18509428c8\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_arm.deb\n Size/MD5 checksum: 205268 cc1809339123e98a18c068214e46ba84\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_arm.deb\n Size/MD5 checksum: 1437240 8ca230be12a78181179c50ec59f14019\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_i386.deb\n Size/MD5 checksum: 1511486 dc02fd03fa24a93e5aefa5db2fb3c38f\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_i386.deb\n Size/MD5 checksum: 285708 fead37813e0a8b27b2d198ed96a09e72\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_i386.deb\n Size/MD5 checksum: 197506 3e35362ff31f9c8831da433664a87793\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_i386.deb\n Size/MD5 checksum: 1324234 589dbb41e4b8be0b6f59e1d5029a4534\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_ia64.deb\n Size/MD5 checksum: 2148514 346ba1362fee8a9384ec622a90ca4da8\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_ia64.deb\n Size/MD5 checksum: 372474 d71f6a54b81e9a02fa90fe9d9f655fac\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_ia64.deb\n Size/MD5 checksum: 232940 8631b791d6ea4745ec5f9391f1342964\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_ia64.deb\n Size/MD5 checksum: 1858670 0748a27f6467eed6e3b990c38adb8ae4\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_hppa.deb\n Size/MD5 checksum: 1801788 490b5d284861576248e1f4b0dc68f23d\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_hppa.deb\n Size/MD5 checksum: 321500 dcf0dcbf57aa1974b34ca2a9282226d5\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_hppa.deb\n Size/MD5 checksum: 216122 feebbfda5ae79df0a6319aa91eefad69\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_hppa.deb\n Size/MD5 checksum: 1574400 f6c277ee39939222422ccf22c405cdcc\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_m68k.deb\n Size/MD5 checksum: 1422128 52618cb598d1cb02aab4265fa1a1e109\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_m68k.deb\n Size/MD5 checksum: 281842 093f64d0bfd4f7e285649f085ed23c9e\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_m68k.deb\n Size/MD5 checksum: 194400 157b134dea7ae457bb1b45e0c5700761\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_m68k.deb\n Size/MD5 checksum: 1246528 cc2467a18ff370127eda708863498e7c\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_mips.deb\n Size/MD5 checksum: 1615518 39e888789a4e9b5ae41e9dd9f34d8a70\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_mips.deb\n Size/MD5 checksum: 304542 f150ce7984701d180e72c9119df878d9\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_mips.deb\n Size/MD5 checksum: 212856 20e638a8b96d5f6261145f0a2d7aa61b\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_mips.deb\n Size/MD5 checksum: 1420690 2953c5e2019b980f34e3cda644423791\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_mipsel.deb\n Size/MD5 checksum: 1595962 116c1f6662b30ce208e0b911e0a48abd\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_mipsel.deb\n Size/MD5 checksum: 304078 e6c2ee04916033005787227a6a9ff249\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_mipsel.deb\n Size/MD5 checksum: 212514 c8cc996cbe70c49b381f4094ab79a0fd\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_mipsel.deb\n Size/MD5 checksum: 1404638 e7de537c62efa30669c622df80eb0cfa\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_powerpc.deb\n Size/MD5 checksum: 1616370 d06e81e77f2b378354b7109cfff3999e\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_powerpc.deb\n Size/MD5 checksum: 301234 3ad14331ebbc28828bfe8d86d06d39d3\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_powerpc.deb\n Size/MD5 checksum: 208070 003a9293509b86352699297f2dcd06a1\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_powerpc.deb\n Size/MD5 checksum: 1417096 f8e168e799a3513a4c6c4e5978b48997\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_s390.deb\n Size/MD5 checksum: 1531624 8d1247e48022c9eca049d6f82fa27b0c\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_s390.deb\n Size/MD5 checksum: 294854 79dfa75bd8dc5594ba00ec45ff018621\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_s390.deb\n Size/MD5 checksum: 200804 e16d387f4b152dd66c9942b2b4a63ab8\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_s390.deb\n Size/MD5 checksum: 1347014 69976bdae0c3f1747e0ef505f99b9685\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_sparc.deb\n Size/MD5 checksum: 1580330 957aa365762f5597bbd0b4b504b0b8b1\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_sparc.deb\n Size/MD5 checksum: 317396 a3a32b25fb8e461c51b6c7f1b4b769f0\n http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_sparc.deb\n Size/MD5 checksum: 203866 c29c5dfd294938398b73ecdc1e5a868f\n http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_sparc.deb\n Size/MD5 checksum: 1387140 6c89ba3a017d51ffbb58c0db6e3c6504\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 1, "reporter": "Debian", "published": "2002-09-06T00:00:00", "title": "[SECURITY] [DSA 162-1] New ethereal packages fix buffer overflow", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:02", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2002-0834"], "modified": "2002-09-06T00:00:00", "id": "DEBIAN:DSA-162-1:D3D72", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00080.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:19", "references": [], "pluginID": "53729", "description": "The remote host is missing an update to ethereal\nannounced via advisory DSA 162-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 162-1 (ethereal)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0834"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53729", "id": "OPENVAS:53729", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_162_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 162-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ethereal developers discovered a buffer overflow in the ISIS protocol\ndissector. It may be possible to make Ethereal crash or hang by\ninjecting a purposefully malformed packet onto the wire, or by\nconvincing someone to read a malformed packet trace file. It may be\npossible to make Ethereal run arbitrary code by exploiting the buffer\nand pointer problems.\n\nThis problem has been fixed in version 0.9.4-1woody2 for the current\nstable stable distribution (woody), in version 0.8.0-4potato.1 for\nthe old stable distribution (potato) and in version 0.9.6-1 for the\nunstable distribution (sid).\n\nWe recommend that you upgrade your ethereal packages.\";\ntag_summary = \"The remote host is missing an update to ethereal\nannounced via advisory DSA 162-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20162-1\";\n\nif(description)\n{\n script_id(53729);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0834\");\n script_bugtraq_id(5573);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 162-1 (ethereal)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ethereal\", ver:\"0.8.0-4potato.1\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal\", ver:\"0.9.4-1woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal-common\", ver:\"0.9.4-1woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal-dev\", ver:\"0.9.4-1woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tethereal\", ver:\"0.9.4-1woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}