ID CVE-2005-0765
Summary Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).
References
Vulnerable Configurations
  • cpe:2.3:a:ethereal_group:ethereal:0.10.9
    cpe:2.3:a:ethereal_group:ethereal:0.10.9
CVSS
Base: 5.0 (as of 10-06-2005 - 13:42)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-306.NASL
    description Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ethereal package is a program for monitoring network traffic. A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code. A buffer overflow flaw was discovered in the Etheric dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0704 to this issue. The GPRS-LLC dissector could crash if the 'ignore cipher bit' option was set. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0705 to this issue. A buffer overflow flaw was discovered in the 3GPP2 A11 dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0699 to this issue. A buffer overflow flaw was discovered in the IAPP dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0739 to this issue. Users of ethereal should upgrade to these updated packages, which contain version 0.10.10 and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17366
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17366
    title RHEL 2.1 / 3 / 4 : ethereal (RHSA-2005:306)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200503-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200503-16 (Ethereal: Multiple vulnerabilities) There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.10, including: The Etheric, 3GPP2 A11 and IAPP dissectors are vulnerable to buffer overflows (CAN-2005-0704, CAN-2005-0699 and CAN-2005-0739). The GPRS-LLC could crash when the 'ignore cipher bit' option is enabled (CAN-2005-0705). Various vulnerabilities in JXTA and sFlow dissectors. Impact : An attacker might be able to use these vulnerabilities to crash Ethereal and execute arbitrary code with the permissions of the user running Ethereal, which could be the root user. Workaround : For a temporary workaround you can disable all affected protocol dissectors. However, it is strongly recommended that you upgrade to the latest stable version.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 17318
    published 2005-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17318
    title GLSA-200503-16 : Ethereal: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-053.NASL
    description A number of issues were discovered in Ethereal versions prior to 0.10.10, which is provided by this update. Matevz Pustisek discovered a buffer overflow in the Etheric dissector (CVE-2005-0704); the GPRS-LLC dissector could crash if the 'ignore cipher bit' was enabled (CVE-2005-0705); Diego Giago found a buffer overflow in the 3GPP2 A11 dissector (CVE-2005-0699); Leon Juranic found a buffer overflow in the IAPP dissector (CVE-2005-0739); and bugs in the JXTA and sFlow dissectors could make Ethereal crash.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 17331
    published 2005-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17331
    title Mandrake Linux Security Advisory : ethereal (MDKSA-2005:053)
oval via4
accepted 2013-04-29T04:00:53.367-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).
family unix
id oval:org.mitre.oval:def:10048
status accepted
submitted 2010-07-09T03:56:16-04:00
title Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).
version 24
redhat via4
rpms
  • ethereal-gnome-0:0.10.10-1.EL3.1
  • ethereal-0:0.10.10-1.EL3.1
  • ethereal-gnome-0:0.10.10-1.EL4.1
  • ethereal-0:0.10.10-1.EL4.1
refmap via4
bid 12762
confirm http://www.ethereal.com/appnotes/enpa-sa-00018.html
gentoo GLSA-200503-16
mandrake MDKSA-2005:053
Last major update 21-08-2010 - 00:26
Published 12-03-2005 - 00:00
Last modified 10-10-2017 - 21:30
Back to Top