CVE-2003-0356 - Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a

CVE-2003-0356

Summary

Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.

References

Vulnerable Configurations

cpe:2.3:a:ethereal:ethereal:-:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:-:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.8.13:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.8.13:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.11:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 16-02-2024 - 20:39)
Impact:
Exploitability:

CWE

CWE-193

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2007-04-25T19:52:39.216-04:00

class

vulnerability

contributors

name Jay Beale
organization Bastille Linux
name Jay Beale
organization Bastille Linux
name Thomas R. Jones
organization Maitreya Security

description

family

unix

oval:org.mitre.oval:def:69

status

accepted

submitted

2003-08-29T12:00:00.000-04:00

title

Off-by-one Vulnerabilities in Ethereal 0.9.11

version

redhat via4

advisories

rhsa

id	RHSA-2003:077

refmap via4

cert-vn	VU#641013
confirm	http://www.ethereal.com/appnotes/enpa-sa-00009.html
debian	DSA-313
mandrake	MDKSA-2003:067

Last major update

16-02-2024 - 20:39

Published

09-06-2003 - 04:00

Last modified

16-02-2024 - 20:39