ID CVE-2004-0635
Summary The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
References
Vulnerable Configurations
  • cpe:2.3:a:ethereal_group:ethereal:0.8.15
  • cpe:2.3:a:ethereal_group:ethereal:0.8.16
  • cpe:2.3:a:ethereal_group:ethereal:0.8.17
  • cpe:2.3:a:ethereal_group:ethereal:0.8.18
  • cpe:2.3:a:ethereal_group:ethereal:0.8.19
  • cpe:2.3:a:ethereal_group:ethereal:0.9
  • cpe:2.3:a:ethereal_group:ethereal:0.9.1
  • cpe:2.3:a:ethereal_group:ethereal:0.9.2
  • cpe:2.3:a:ethereal_group:ethereal:0.9.3
  • cpe:2.3:a:ethereal_group:ethereal:0.9.4
  • cpe:2.3:a:ethereal_group:ethereal:0.9.5
  • cpe:2.3:a:ethereal_group:ethereal:0.9.6
  • cpe:2.3:a:ethereal_group:ethereal:0.9.7
  • cpe:2.3:a:ethereal_group:ethereal:0.9.8
  • cpe:2.3:a:ethereal_group:ethereal:0.9.9
  • cpe:2.3:a:ethereal_group:ethereal:0.9.10
  • cpe:2.3:a:ethereal_group:ethereal:0.9.11
  • cpe:2.3:a:ethereal_group:ethereal:0.9.12
  • cpe:2.3:a:ethereal_group:ethereal:0.9.13
  • cpe:2.3:a:ethereal_group:ethereal:0.9.14
  • cpe:2.3:a:ethereal_group:ethereal:0.9.15
  • cpe:2.3:a:ethereal_group:ethereal:0.9.16
  • cpe:2.3:a:ethereal_group:ethereal:0.10
  • cpe:2.3:a:ethereal_group:ethereal:0.10.1
  • cpe:2.3:a:ethereal_group:ethereal:0.10.2
  • cpe:2.3:a:ethereal_group:ethereal:0.10.3
  • cpe:2.3:a:ethereal_group:ethereal:0.10.4
  • Gentoo Linux
    cpe:2.3:o:gentoo:linux
  • MandrakeSoft Mandrake Linux 9.2
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2
  • MandrakeSoft Mandrake Linux 10.0
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:as
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_265C8B00D2D011D8B47902E0185C0B53.NASL
    description Issues have been discovered in multiple protocol dissectors.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 36365
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36365
    title FreeBSD : multiple vulnerabilities in ethereal (265c8b00-d2d0-11d8-b479-02e0185c0b53)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-220.NASL
    description Issues have been discovered in the following protocol dissectors:
      - The iSNS dissector could make Ethereal abort in some cases. (0.10.3 - 0.10.4) CVE-2004-0633
      - SMB SID snooping could crash if there was no policy name for a handle. (0.9.15 - 0.10.4) CVE-2004-0634
      - The SNMP dissector could crash due to a malformed or missing community string. (0.8.15 - 0.10.4) CVE-2004-0635
      Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
      Resolution: Upgrade to 0.10.5. If you are running a version prior to 0.10.5 and you cannot upgrade, you can disable all of the protocol dissectors listed above by selecting Analyze->Enabled Protocols... and deselecting them from the list. For SMB, you can alternatively disable SID snooping in the SMB protocol preferences. However, it is strongly recommended that you upgrade to 0.10.5.
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13739
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13739
    title Fedora Core 2 : ethereal-0.10.5-0.2.1 (2004-220)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_ETHEREAL_0105.NASL
    description The following package needs to be updated: ethereal
    last seen 2016-09-26
    modified 2011-10-03
    plugin id 12646
    published 2004-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12646
    title FreeBSD : multiple vulnerabilities in ethereal (42)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200407-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200407-08 (Ethereal: Multiple security problems). There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.5, including:
      - In some cases the iSNS dissector could cause Ethereal to abort.
      - If there was no policy name for a handle for SMB SID snooping it could cause a crash.
      - A malformed or missing community string could cause the SNMP dissector to crash.
      Impact: An attacker could use these vulnerabilities to crash Ethereal or even execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.
      Workaround: For a temporary workaround you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols... and deselecting them from the list. For SMB you can disable SID snooping in the SMB protocol preference. However, it is strongly recommended to upgrade to the latest stable version.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 14541
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14541
    title GLSA-200407-08 : Ethereal: Multiple security problems
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-219.NASL
    description Issues have been discovered in the following protocol dissectors:
      - The iSNS dissector could make Ethereal abort in some cases. (0.10.3 - 0.10.4) CVE-2004-0633
      - SMB SID snooping could crash if there was no policy name for a handle. (0.9.15 - 0.10.4) CVE-2004-0634
      - The SNMP dissector could crash due to a malformed or missing community string. (0.8.15 - 0.10.4) CVE-2004-0635
      Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
      Resolution: Upgrade to 0.10.5. If you are running a version prior to 0.10.5 and you cannot upgrade, you can disable all of the protocol dissectors listed above by selecting Analyze->Enabled Protocols... and deselecting them from the list. For SMB, you can alternatively disable SID snooping in the SMB protocol preferences. However, it is strongly recommended that you upgrade to 0.10.5.
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13738
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13738
    title Fedora Core 1 : ethereal-0.10.5-0.1.1 (2004-219)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-528.NASL
    description Several denial of service vulnerabilities were discovered in ethereal, a network traffic analyzer. These vulnerabilities are described in the ethereal advisory 'enpa-sa-00015'. Of these, only one (CAN-2004-0635) affects the version of ethereal in Debian woody. This vulnerability could be exploited by a remote attacker to crash ethereal with an invalid SNMP packet.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 15365
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15365
    title Debian DSA-528-1 : ethereal - denial of service
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-067.NASL
    description Three vulnerabilities were discovered in Ethereal versions prior to 0.10.5 in the iSNS, SMB SID, and SNMP dissectors. It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet into the wire or by convincing someone to read a malformed packet trace file. These vulnerabilities have been corrected in Ethereal 0.10.5.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14166
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14166
    title Mandrake Linux Security Advisory : ethereal (MDKSA-2004:067)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-378.NASL
    description Updated Ethereal packages that fix various security vulnerabilities are now available. Ethereal is a program for monitoring network traffic.
      The SNMP dissector in Ethereal releases 0.8.15 through 0.10.4 contained a memory read flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0635 to this issue.
      The SMB dissector in Ethereal releases 0.9.15 through 0.10.4 contained a NULL pointer flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0634 to this issue.
      The iSNS dissector in Ethereal releases 0.10.3 through 0.10.4 contained an integer overflow flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0633 to this issue.
      Users of Ethereal should upgrade to these updated packages, which contain a version that is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14215
    published 2004-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14215
    title RHEL 2.1 / 3 : ethereal (RHSA-2004:378)
oval via4
accepted 2013-04-29T04:21:36.335-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
family unix
id oval:org.mitre.oval:def:9721
status accepted
submitted 2010-07-09T03:56:16-04:00
title The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
version 23
redhat via4
advisories
rhsa
id RHSA-2004:378
refmap via4
cert-vn VU#835846
conectiva CLA-2005:916
confirm
debian DSA-528
fedora
  • FEDORA-2004-219
  • FEDORA-2004-220
gentoo GLSA-200407-08
mandrake MDKSA-2004:067
sectrack 1010655
secunia 12024
xf ethereal-snmp-community-dos(16632)
Last major update 21-08-2010 - 00:20
Published 06-12-2004 - 00:00
Last modified 10-10-2017 - 21:29