Search...

Ethereal RSVP Dissector Malformed Packet Core Dump DoS

2002-06-28T09:43:00

ID OSVDB:6921
Type osvdb
Reporter OSVDB
Modified 2002-06-28T09:43:00

Description

Solution Description

Upgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Related OSVDB ID: 4474 Related OSVDB ID: 4475 Related OSVDB ID: 6923 Related OSVDB ID: 4476 Related OSVDB ID: 6922 Generic Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html CVE-2002-0834 CVE-2002-0821 CVE-2002-0822

JSON Vulners Source

Initial Source

{"edition": 1, "title": "Ethereal RSVP Dissector Malformed Packet Core Dump DoS", "bulletinFamily": "software", "published": "2002-06-28T09:43:00", "lastseen": "2017-04-28T13:20:01", "history": [], "modified": "2002-06-28T09:43:00", "reporter": "OSVDB", "hash": "8df8e5a20896a5365a7c1fcc24b3b91170248749116b078b6c076f26dfd6c7a6", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:6921", "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 6923](https://vulners.com/osvdb/OSVDB:6923)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\n[Related OSVDB ID: 6922](https://vulners.com/osvdb/OSVDB:6922)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "affectedSoftware": [], "type": "osvdb", "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "a079cd423e535a8e267580811350c130"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "566c52c91ed8d90e525b48c28a4460da"}, {"key": "href", "hash": "cffcc3e77eaeeca385c9addacad8f457"}, {"key": "modified", "hash": "55aaabab1d643727f4054934a3739819"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "55aaabab1d643727f4054934a3739819"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "bad496dcb00d409caf8bf1abefe86472"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "id": "OSVDB:6921"}

{"cve": [{"lastseen": "2016-09-03T03:27:59", "references": ["http://www.ethereal.com/appnotes/enpa-sa-00005.html", "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505"], "description": "Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.", "edition": 1, "reporter": "NVD", "published": "2002-08-12T00:00:00", "title": "CVE-2002-0821", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T03:27:59", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2002-0821"], "scanner": [], "cpe": ["cpe:/a:ethereal_group:ethereal:0.9.4"], "modified": "2008-09-05T16:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0821", "id": "CVE-2002-0821", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T03:28:01", "references": ["http://www.ethereal.com/appnotes/enpa-sa-00005.html", "http://www.securityfocus.com/bid/5167"], "description": "Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.", "edition": 1, "reporter": "NVD", "published": "2002-08-12T00:00:00", "title": "CVE-2002-0822", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T03:28:01", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2002-0822"], "scanner": [], "cpe": ["cpe:/a:ethereal_group:ethereal:0.9.4"], "modified": "2008-09-05T16:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0822", "id": "CVE-2002-0822", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T03:28:14", "references": ["http://www.ethereal.com/appnotes/enpa-sa-00006.html"], "description": "Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.", "edition": 1, "reporter": "NVD", "published": "2002-09-24T00:00:00", "title": "CVE-2002-0834", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T03:28:14", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2002-0834"], "scanner": [], "cpe": ["cpe:/a:ethereal_group:ethereal:0.8", "cpe:/a:ethereal_group:ethereal:0.9.1", "cpe:/a:ethereal_group:ethereal:0.9.3", "cpe:/a:ethereal_group:ethereal:0.9_.0", "cpe:/a:ethereal_group:ethereal:0.9.5", "cpe:/a:ethereal_group:ethereal:0.9.4", "cpe:/a:ethereal_group:ethereal:0.9.2", "cpe:/a:ethereal_group:ethereal:0.8.18"], "modified": "2008-09-10T15:12:59", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0834", "id": "CVE-2002-0834", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:59", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Vendor Specific Advisory URL](http://www.ethereal.com/appnotes/enpa-sa-00006.html)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-08-20T09:43:00", "type": "osvdb", "title": "Ethereal ISIS Dissector Remote Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-08-20T09:43:00", "href": "https://vulners.com/osvdb/OSVDB:4474", "id": "OSVDB:4474", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 6923](https://vulners.com/osvdb/OSVDB:6923)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\n[Related OSVDB ID: 6921](https://vulners.com/osvdb/OSVDB:6921)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-06-28T09:43:00", "title": "Ethereal AFS Dissector Malformed Packet Core Dump DoS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-06-28T09:43:00", "id": "OSVDB:6922", "href": "https://vulners.com/osvdb/OSVDB:6922", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-06-28T09:43:00", "title": "Ethereal WCP Dissector Large Frame Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-06-28T09:43:00", "id": "OSVDB:6920", "href": "https://vulners.com/osvdb/OSVDB:6920", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:01", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\n[Related OSVDB ID: 6921](https://vulners.com/osvdb/OSVDB:6921)\n[Related OSVDB ID: 6922](https://vulners.com/osvdb/OSVDB:6922)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-06-28T09:43:00", "title": "Ethereal LMP Dissector Malformed Packet Core Dump DoS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-06-28T09:43:00", "href": "https://vulners.com/osvdb/OSVDB:6923", "id": "OSVDB:6923", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:59", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 4475](https://vulners.com/osvdb/OSVDB:4475)\n[Related OSVDB ID: 6920](https://vulners.com/osvdb/OSVDB:6920)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-06-28T09:43:00", "type": "osvdb", "title": "Ethereal BGP Dissector Remote Overflow", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-06-28T09:43:00", "href": "https://vulners.com/osvdb/OSVDB:4476", "id": "OSVDB:4476", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:19:59", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 0.9.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\n[Related OSVDB ID: 4474](https://vulners.com/osvdb/OSVDB:4474)\n[Related OSVDB ID: 6923](https://vulners.com/osvdb/OSVDB:6923)\n[Related OSVDB ID: 4476](https://vulners.com/osvdb/OSVDB:4476)\n[Related OSVDB ID: 6921](https://vulners.com/osvdb/OSVDB:6921)\n[Related OSVDB ID: 6922](https://vulners.com/osvdb/OSVDB:6922)\nGeneric Informational URL: http://www.ethereal.com/appnotes/enpa-sa-00005.html\n[CVE-2002-0834](https://vulners.com/cve/CVE-2002-0834)\n[CVE-2002-0821](https://vulners.com/cve/CVE-2002-0821)\n[CVE-2002-0822](https://vulners.com/cve/CVE-2002-0822)\n", "reporter": "OSVDB", "published": "2002-06-28T09:43:00", "type": "osvdb", "title": "Ethereal SOCKS Dissector Malformed Packet Core Dump DoS", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0834"], "modified": "2002-06-28T09:43:00", "href": "https://vulners.com/osvdb/OSVDB:4475", "id": "OSVDB:4475", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:38:46", "references": ["https://www.redhat.com/security/data/cve/CVE-2002-0404.html", "https://www.redhat.com/security/data/cve/CVE-2002-0822.html", "http://ethereal.archive.sunet.se/appnotes/enpa-sa-00006.html", "https://www.redhat.com/security/data/cve/CVE-2002-0834.html", "http://rhn.redhat.com/errata/RHSA-2002-170.html", "https://www.redhat.com/security/data/cve/CVE-2002-0821.html", "https://www.redhat.com/security/data/cve/CVE-2002-0402.html", "http://ethereal.archive.sunet.se/appnotes/enpa-sa-00005.html", "https://www.redhat.com/security/data/cve/CVE-2002-0403.html", "http://ethereal.archive.sunet.se/appnotes/enpa-sa-00004.html"], "pluginID": "12319", "description": "Updated ethereal packages are available which fix several security problems.\n\nEthereal is a package designed for monitoring network traffic on your system. Several security issues have been found in the Ethereal packages distributed with Red Hat Linux Advanced Server :\n\nBuffer overflow in Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via the ISIS dissector. (CVE-2002-0834)\n\nBuffer overflows in Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. (CVE-2002-0821)\n\nEthereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump (CVE-2002-0822)\n\nA buffer overflow in the X11 dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.\n(CVE-2002-0402)\n\nThe DNS dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. (CVE-2002-0403)\n\nA vulnerability in the GIOP dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (memory consumption).\n(CVE-2002-0404)\n\nUsers of Ethereal should update to the errata packages containing Ethereal version 0.9.6 which is not vulnerable to these issues.", "edition": 5, "reporter": "Tenable", "published": "2004-07-06T00:00:00", "title": "RHEL 2.1 : ethereal (RHSA-2002:170)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0403", "CVE-2002-0821", "CVE-2002-0822", "CVE-2002-0404", "CVE-2002-0402", "CVE-2002-0834"], "modified": "2016-12-28T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:ethereal-gnome", "p-cpe:/a:redhat:enterprise_linux:ethereal"], "id": "REDHAT-RHSA-2002-170.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12319", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2002:170. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12319);\n script_version (\"$Revision: 1.21 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:44:42 $\");\n\n script_cve_id(\"CVE-2002-0402\", \"CVE-2002-0403\", \"CVE-2002-0404\", \"CVE-2002-0821\", \"CVE-2002-0822\", \"CVE-2002-0834\");\n script_xref(name:\"RHSA\", value:\"2002:170\");\n\n script_name(english:\"RHEL 2.1 : ethereal (RHSA-2002:170)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ethereal packages are available which fix several security\nproblems.\n\nEthereal is a package designed for monitoring network traffic on your\nsystem. Several security issues have been found in the Ethereal\npackages distributed with Red Hat Linux Advanced Server :\n\nBuffer overflow in Ethereal 0.9.5 and earlier allows remote attackers\nto cause a denial of service or execute arbitrary code via the ISIS\ndissector. (CVE-2002-0834)\n\nBuffer overflows in Ethereal 0.9.4 and earlier allows remote attackers\nto cause a denial of service or execute arbitrary code via (1) the BGP\ndissector, or (2) the WCP dissector. (CVE-2002-0821)\n\nEthereal 0.9.4 and earlier allows remote attackers to cause a denial\nof service and possibly execute arbitrary code via the (1) SOCKS, (2)\nRSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump\n(CVE-2002-0822)\n\nA buffer overflow in the X11 dissector in Ethereal before 0.9.4 allows\nremote attackers to cause a denial of service (crash) and possibly\nexecute arbitrary code while Ethereal is parsing keysyms.\n(CVE-2002-0402)\n\nThe DNS dissector in Ethereal before 0.9.4 allows remote attackers to\ncause a denial of service (CPU consumption) via a malformed packet\nthat causes Ethereal to enter an infinite loop. (CVE-2002-0403)\n\nA vulnerability in the GIOP dissector in Ethereal before 0.9.4 allows\nremote attackers to cause a denial of service (memory consumption).\n(CVE-2002-0404)\n\nUsers of Ethereal should update to the errata packages containing\nEthereal version 0.9.6 which is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-0402.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-0403.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-0404.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-0821.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-0822.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-0834.html\"\n );\n # http://www.ethereal.com/appnotes/enpa-sa-00006.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00006.html\"\n );\n # http://www.ethereal.com/appnotes/enpa-sa-00005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00005.html\"\n );\n # http://www.ethereal.com/appnotes/enpa-sa-00004.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2002-170.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ethereal and / or ethereal-gnome packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ethereal-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2002:170\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ethereal-0.9.6-0.AS21.0\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ethereal-gnome-0.9.6-0.AS21.0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ethereal / ethereal-gnome\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:12", "references": ["http://www.debian.org/security/2002/dsa-162"], "pluginID": "14999", "description": "Ethereal developers discovered a buffer overflow in the ISIS protocol dissector. It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.", "edition": 5, "reporter": "Tenable", "published": "2004-09-29T00:00:00", "title": "Debian DSA-162-1 : ethereal - buffer overflow", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0834"], "modified": "2018-07-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ethereal", "cpe:/o:debian:debian_linux:2.2", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-162.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14999", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-162. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14999);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/20 2:17:10\");\n\n script_cve_id(\"CVE-2002-0834\");\n script_bugtraq_id(5573);\n script_xref(name:\"DSA\", value:\"162\");\n\n script_name(english:\"Debian DSA-162-1 : ethereal - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ethereal developers discovered a buffer overflow in the ISIS protocol\ndissector. It may be possible to make Ethereal crash or hang by\ninjecting a purposefully malformed packet onto the wire, or by\nconvincing someone to read a malformed packet trace file. It may be\npossible to make Ethereal run arbitrary code by exploiting the buffer\nand pointer problems.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2002/dsa-162\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ethereal packages.\n\nThis problem has been fixed in version 0.9.4-1woody2 for the current\nstable distribution (woody), in version 0.8.0-4potato.1 for the old\nstable distribution (potato) and in version 0.9.6-1 for the unstable\ndistribution (sid).\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ethereal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"ethereal\", reference:\"0.8.0-4potato.1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ethereal\", reference:\"0.9.4-1woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ethereal-common\", reference:\"0.9.4-1woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ethereal-dev\", reference:\"0.9.4-1woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"tethereal\", reference:\"0.9.4-1woody2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:19", "references": [], "pluginID": "53729", "description": "The remote host is missing an update to ethereal\nannounced via advisory DSA 162-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 162-1 (ethereal)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0834"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53729", "id": "OPENVAS:53729", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_162_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 162-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ethereal developers discovered a buffer overflow in the ISIS protocol\ndissector. It may be possible to make Ethereal crash or hang by\ninjecting a purposefully malformed packet onto the wire, or by\nconvincing someone to read a malformed packet trace file. It may be\npossible to make Ethereal run arbitrary code by exploiting the buffer\nand pointer problems.\n\nThis problem has been fixed in version 0.9.4-1woody2 for the current\nstable stable distribution (woody), in version 0.8.0-4potato.1 for\nthe old stable distribution (potato) and in version 0.9.6-1 for the\nunstable distribution (sid).\n\nWe recommend that you upgrade your ethereal packages.\";\ntag_summary = \"The remote host is missing an update to ethereal\nannounced via advisory DSA 162-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20162-1\";\n\nif(description)\n{\n script_id(53729);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0834\");\n script_bugtraq_id(5573);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 162-1 (ethereal)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ethereal\", ver:\"0.8.0-4potato.1\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal\", ver:\"0.9.4-1woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal-common\", ver:\"0.9.4-1woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ethereal-dev\", ver:\"0.9.4-1woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tethereal\", ver:\"0.9.4-1woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:37:11", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_alpha.deb", "packageName": "ethereal", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_sparc.deb", "packageName": "ethereal", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_alpha.deb", "packageName": "tethereal", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_hppa.deb", "packageName": "ethereal-common", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_arm.deb", "packageName": "ethereal-common", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_s390.deb", "packageName": "tethereal", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_mipsel.deb", "packageName": "ethereal-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_sparc.deb", "packageName": "ethereal-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "0.8.0-4potato.1", "packageFilename": "ethereal_0.8.0-4potato.1_powerpc.deb", "packageName": "ethereal", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_i386.deb", "packageName": "tethereal", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_mipsel.deb", "packageName": "ethereal-common", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_m68k.deb", "packageName": "ethereal-common", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "0.8.0-4potato.1.diff", "packageFilename": "ethereal_0.8.0-4potato.1.diff.gz", "packageName": "ethereal", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_powerpc.deb", "packageName": "ethereal-common", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_arm.deb", "packageName": "ethereal-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_powerpc.deb", "packageName": "tethereal", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2.diff", "packageFilename": "ethereal_0.9.4-1woody2.diff.gz", "packageName": "ethereal", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_s390.deb", "packageName": "ethereal-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_i386.deb", "packageName": "ethereal", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "0.8.0-4potato.1", "packageFilename": "ethereal_0.8.0-4potato.1_m68k.deb", "packageName": "ethereal", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "0.8.0-4potato.1", "packageFilename": "ethereal_0.8.0-4potato.1_alpha.deb", "packageName": "ethereal", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_powerpc.deb", "packageName": "ethereal", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2.dsc", "packageName": "ethereal", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "0.8.0-4potato.1", "packageFilename": "ethereal_0.8.0-4potato.1_arm.deb", "packageName": "ethereal", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_m68k.deb", "packageName": "tethereal", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_mips.deb", "packageName": "ethereal-common", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_alpha.deb", "packageName": "ethereal-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_arm.deb", "packageName": "ethereal", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_m68k.deb", "packageName": "ethereal", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "0.8.0-4potato.1", "packageFilename": "ethereal_0.8.0-4potato.1_i386.deb", "packageName": "ethereal", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_mips.deb", "packageName": "ethereal-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_hppa.deb", "packageName": "ethereal-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_m68k.deb", "packageName": "ethereal-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_arm.deb", "packageName": "tethereal", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "0.8.0.orig", "packageFilename": "ethereal_0.8.0.orig.tar.gz", "packageName": "ethereal", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_hppa.deb", "packageName": "tethereal", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4.orig", "packageFilename": "ethereal_0.9.4.orig.tar.gz", "packageName": "ethereal", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_alpha.deb", "packageName": "ethereal-common", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_s390.deb", "packageName": "ethereal", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_sparc.deb", "packageName": "ethereal-common", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_hppa.deb", "packageName": "ethereal", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_mipsel.deb", "packageName": "tethereal", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_mipsel.deb", "packageName": "ethereal", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_ia64.deb", "packageName": "ethereal-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_ia64.deb", "packageName": "ethereal-common", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_sparc.deb", "packageName": "tethereal", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_i386.deb", "packageName": "ethereal-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_s390.deb", "packageName": "ethereal-common", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_mips.deb", "packageName": "tethereal", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-dev_0.9.4-1woody2_powerpc.deb", "packageName": "ethereal-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "0.8.0-4potato.1", "packageFilename": "ethereal_0.8.0-4potato.1.dsc", "packageName": "ethereal", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal-common_0.9.4-1woody2_i386.deb", "packageName": "ethereal-common", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_ia64.deb", "packageName": "ethereal", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "tethereal_0.9.4-1woody2_ia64.deb", "packageName": "tethereal", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "0.8.0-4potato.1", "packageFilename": "ethereal_0.8.0-4potato.1_sparc.deb", "packageName": "ethereal", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.9.4-1woody2", "packageFilename": "ethereal_0.9.4-1woody2_mips.deb", "packageName": "ethereal", "arch": "mips", "operator": "lt"}], "description": "Ethereal developers discovered a buffer overflow in the ISIS protocol dissector. It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.\n\nThis problem has been fixed in version 0.9.4-1woody2 for the current stable distribution (woody), in version 0.8.0-4potato.1 for the old stable distribution (potato) and in version 0.9.6-1 for the unstable distribution (sid).\n\nWe recommend that you upgrade your ethereal packages.", "edition": 1, "reporter": "Debian", "published": "2002-09-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "ethereal -- buffer overflow", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2002-0834"], "modified": "2002-09-06T00:00:00", "id": "DSA-162", "href": "http://www.debian.org/security/dsa-162", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}