ID CVE-2006-1934
Summary Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.
References
Vulnerable Configurations
  • cpe:2.3:a:ethereal_group:ethereal:0.10
    cpe:2.3:a:ethereal_group:ethereal:0.10
  • cpe:2.3:a:ethereal_group:ethereal:0.10.0
    cpe:2.3:a:ethereal_group:ethereal:0.10.0
  • cpe:2.3:a:ethereal_group:ethereal:0.10.0a
    cpe:2.3:a:ethereal_group:ethereal:0.10.0a
  • cpe:2.3:a:ethereal_group:ethereal:0.10.1
    cpe:2.3:a:ethereal_group:ethereal:0.10.1
  • cpe:2.3:a:ethereal_group:ethereal:0.10.2
    cpe:2.3:a:ethereal_group:ethereal:0.10.2
  • cpe:2.3:a:ethereal_group:ethereal:0.10.3
    cpe:2.3:a:ethereal_group:ethereal:0.10.3
  • cpe:2.3:a:ethereal_group:ethereal:0.10.4
    cpe:2.3:a:ethereal_group:ethereal:0.10.4
  • cpe:2.3:a:ethereal_group:ethereal:0.10.5
    cpe:2.3:a:ethereal_group:ethereal:0.10.5
  • cpe:2.3:a:ethereal_group:ethereal:0.10.6
    cpe:2.3:a:ethereal_group:ethereal:0.10.6
  • cpe:2.3:a:ethereal_group:ethereal:0.10.7
    cpe:2.3:a:ethereal_group:ethereal:0.10.7
  • cpe:2.3:a:ethereal_group:ethereal:0.10.8
    cpe:2.3:a:ethereal_group:ethereal:0.10.8
  • cpe:2.3:a:ethereal_group:ethereal:0.10.9
    cpe:2.3:a:ethereal_group:ethereal:0.10.9
  • cpe:2.3:a:ethereal_group:ethereal:0.10.10
    cpe:2.3:a:ethereal_group:ethereal:0.10.10
  • cpe:2.3:a:ethereal_group:ethereal:0.10.11
    cpe:2.3:a:ethereal_group:ethereal:0.10.11
  • cpe:2.3:a:ethereal_group:ethereal:0.10.12
    cpe:2.3:a:ethereal_group:ethereal:0.10.12
  • cpe:2.3:a:ethereal_group:ethereal:0.10.13
    cpe:2.3:a:ethereal_group:ethereal:0.10.13
CVSS
Base: 5.0 (as of 26-04-2006 - 09:30)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2006-456.NASL
    description Many security vulnerabilities have been fixed since the previous release. - The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937 - The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933 - The X.509if dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937 - The SRVLOC dissector could crash. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1937 - The H.245 dissector could crash. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1937 - Ethereal's OID printing routine was susceptible to an off-by-one error. Versions affected: 0.10.14. CVE: CVE-2006-1932 - The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14. CVE: CVE-2006-1935 - The ALCAP dissector could overflow a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934 Under a grant funded by the U.S. Department of Homeland Security, Coverity has uncovered a number of vulnerabilities in Ethereal : - The statistics counter could crash Ethereal. Versions affected: 0.10.10 - 0.10.14. CVE: CVE-2006-1937 - Ethereal could crash while reading a malformed Sniffer capture. Versions affected: 0.8.12 - 0.10.14. CVE: CVE-2006-1938 - An invalid display filter could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 - The general packet dissector could crash Ethereal. Versions affected: 0.10.9 - 0.10.14. CVE: CVE-2006-1937 - The AIM dissector could crash Ethereal. Versions affected: 0.10.7 - 0.10.14. CVE: CVE-2006-1937 - The RPC dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939 - The DCERPC dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 - The ASN.1 dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939 - The SMB PIPE dissector could crash Ethereal. Versions affected: 0.8.20 - 0.10.14. CVE: CVE-2006-1938 - The BER dissector could loop excessively. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1933 - The SNDCP dissector could abort. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1940 - The Network Instruments file code could overrun a buffer. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1934 - The NetXray/Windows Sniffer file code could overrun a buffer. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1934 - The GSM SMS dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 - The ALCAP dissector could overrun a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934 - The telnet dissector could overrun a buffer. Versions affected: 0.8.5 - 0.10.14. CVE: CVE-2006-1936 - ASN.1-based dissectors could crash Ethereal. Versions affected: 0.9.10 - 0.10.14. CVE: CVE-2006-1939 - The H.248 dissector could crash Ethereal. Versions affected: 0.10.11 - 0.10.14. CVE: CVE-2006-1937 - The DCERPC NT dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939 - The PER dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21274
    published 2006-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21274
    title Fedora Core 5 : ethereal-0.99.0-fc5.1 (2006-456)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200604-17.NASL
    description The remote host is affected by the vulnerability described in GLSA-200604-17 (Ethereal: Multiple vulnerabilities in protocol dissectors) Coverity discovered numerous vulnerabilities in versions of Ethereal prior to 0.99.0, including: buffer overflows in the ALCAP (CVE-2006-1934), COPS (CVE-2006-1935) and telnet (CVE-2006-1936) dissectors. buffer overflows in the NetXray/Windows Sniffer and Network Instruments file code (CVE-2006-1934). For further details please consult the references below. Impact : An attacker might be able to exploit these vulnerabilities to crash Ethereal or execute arbitrary code with the permissions of the user running Ethereal, which could be the root user. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 21299
    published 2006-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21299
    title GLSA-200604-17 : Ethereal: Multiple vulnerabilities in protocol dissectors
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0420.NASL
    description Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network traffic. Several denial of service bugs were found in Ethereal's protocol dissectors. Ethereal could crash or stop responding if it reads a malformed packet off the network. (CVE-2006-1932, CVE-2006-1933, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940) Several buffer overflow bugs were found in Ethereal's COPS, telnet, and ALCAP dissectors as well as Network Instruments file code and NetXray/Windows Sniffer file code. Ethereal could crash or execute arbitrary code if it reads a malformed packet off the network. (CVE-2006-1934, CVE-2006-1935, CVE-2006-1936) Users of ethereal should upgrade to these updated packages containing version 0.99.0, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21364
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21364
    title RHEL 2.1 / 3 / 4 : ethereal (RHSA-2006:0420)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_21C223F2D59611DA809800123FFE8333.NASL
    description Secunia reports : Multiple vulnerabilities have been reported in Ethereal, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerabilities are caused due to various types of errors including boundary errors, an off-by-one error, an infinite loop error, and several unspecified errors in a multitude of protocol dissectors. Successful exploitation causes Ethereal to stop responding, consume a large amount of system resources, crash, or execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21397
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21397
    title FreeBSD : ethereal -- Multiple Protocol Dissector Vulnerabilities (21c223f2-d596-11da-8098-00123ffe8333)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-077.NASL
    description A number of vulnerabilities have been discovered in the Ethereal network analyzer. These issues have been corrected in Ethereal version 0.99.0 which is provided with this update.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 21283
    published 2006-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21283
    title Mandrake Linux Security Advisory : ethereal (MDKSA-2006:077)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2006-461.NASL
    description Many security vulnerabilities have been fixed since the previous release. - The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937 - The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 - 0.10.14. CVE: CVE-2006-1933 - The X.509if dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937 - The SRVLOC dissector could crash. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1937 - The H.245 dissector could crash. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1937 - Ethereal's OID printing routine was susceptible to an off-by-one error. Versions affected: 0.10.14. CVE: CVE-2006-1932 - The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14. CVE: CVE-2006-1935 - The ALCAP dissector could overflow a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934 Under a grant funded by the U.S. Department of Homeland Security, Coverity has uncovered a number of vulnerabilities in Ethereal : - The statistics counter could crash Ethereal. Versions affected: 0.10.10 - 0.10.14. CVE: CVE-2006-1937 - Ethereal could crash while reading a malformed Sniffer capture. Versions affected: 0.8.12 - 0.10.14. CVE: CVE-2006-1938 - An invalid display filter could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 - The general packet dissector could crash Ethereal. Versions affected: 0.10.9 - 0.10.14. CVE: CVE-2006-1937 - The AIM dissector could crash Ethereal. Versions affected: 0.10.7 - 0.10.14. CVE: CVE-2006-1937 - The RPC dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939 - The DCERPC dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 - The ASN.1 dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE: CVE-2006-1939 - The SMB PIPE dissector could crash Ethereal. Versions affected: 0.8.20 - 0.10.14. CVE: CVE-2006-1938 - The BER dissector could loop excessively. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1933 - The SNDCP dissector could abort. Versions affected: 0.10.4 - 0.10.14. CVE: CVE-2006-1940 - The Network Instruments file code could overrun a buffer. Versions affected: 0.10.0 - 0.10.14. CVE: CVE-2006-1934 - The NetXray/Windows Sniffer file code could overrun a buffer. Versions affected: 0.10.13 - 0.10.14. CVE: CVE-2006-1934 - The GSM SMS dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14. CVE: CVE-2006-1939 - The ALCAP dissector could overrun a buffer. Versions affected: 0.10.14. CVE: CVE-2006-1934 - The telnet dissector could overrun a buffer. Versions affected: 0.8.5 - 0.10.14. CVE: CVE-2006-1936 - ASN.1-based dissectors could crash Ethereal. Versions affected: 0.9.10 - 0.10.14. CVE: CVE-2006-1939 - The H.248 dissector could crash Ethereal. Versions affected: 0.10.11 - 0.10.14. CVE: CVE-2006-1937 - The DCERPC NT dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939 - The PER dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE: CVE-2006-1939 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21294
    published 2006-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21294
    title Fedora Core 4 : ethereal-0.99.0-fc4.1 (2006-461)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0420.NASL
    description Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network traffic. Several denial of service bugs were found in Ethereal's protocol dissectors. Ethereal could crash or stop responding if it reads a malformed packet off the network. (CVE-2006-1932, CVE-2006-1933, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940) Several buffer overflow bugs were found in Ethereal's COPS, telnet, and ALCAP dissectors as well as Network Instruments file code and NetXray/Windows Sniffer file code. Ethereal could crash or execute arbitrary code if it reads a malformed packet off the network. (CVE-2006-1934, CVE-2006-1935, CVE-2006-1936) Users of ethereal should upgrade to these updated packages containing version 0.99.0, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21899
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21899
    title CentOS 3 / 4 : ethereal (CESA-2006:0420)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1049.NASL
    description Gerald Combs reported several vulnerabilities in ethereal, a popular network traffic analyser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1932 The OID printing routine is susceptible to an off-by-one error. - CVE-2006-1933 The UMA and BER dissectors could go into an infinite loop. - CVE-2006-1934 The Network Instruments file code could overrun a buffer. - CVE-2006-1935 The COPS dissector contains a potential buffer overflow. - CVE-2006-1936 The telnet dissector contains a buffer overflow. - CVE-2006-1937 Bugs in the SRVLOC and AIM dissector, and in the statistics counter could crash ethereal. - CVE-2006-1938 NULL pointer dereferences in the SMB PIPE dissector and when reading a malformed Sniffer capture could crash ethereal. - CVE-2006-1939 NULL pointer dereferences in the ASN.1, GSM SMS, RPC and ASN.1-based dissector and an invalid display filter could crash ethereal. - CVE-2006-1940 The SNDCP dissector could cause an unintended abortion.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22591
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22591
    title Debian DSA-1049-1 : ethereal - several vulnerabilities
oval via4
accepted 2013-04-29T04:05:45.544-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.
family unix
id oval:org.mitre.oval:def:10445
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.
version 23
redhat via4
advisories
rhsa
id RHSA-2006:0420
refmap via4
bid 17682
confirm
debian DSA-1049
fedora
  • FEDORA-2006-456
  • FEDORA-2006-461
gentoo GLSA-200604-17
mandriva MDKSA-2006:077
sectrack 1015985
secunia
  • 19769
  • 19805
  • 19828
  • 19839
  • 19958
  • 19962
  • 20117
  • 20210
  • 20944
sgi 20060501-01-U
suse SUSE-SR:2006:010
vupen ADV-2006-1501
xf
  • ethereal-alcap-dissector-bo(26014)
  • ethereal-net-instr-bo(26026)
  • ethereal-netxwin-sniffer-bo(26027)
Last major update 07-03-2011 - 21:34
Published 25-04-2006 - 08:50
Last modified 10-10-2017 - 21:30
Back to Top