CVE-2004-0365 - The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows r

CVE-2004-0365

Summary

The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.

References

Vulnerable Configurations

cpe:2.3:a:ethereal:ethereal:0.8.13:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.8.13:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.13a:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.9.13a:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:ethereal:ethereal:0.10.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2007-04-25T19:53:06.701-04:00

class

vulnerability

contributors

name Jay Beale
organization Bastille Linux
name Jay Beale
organization Bastille Linux
name Thomas R. Jones
organization Maitreya Security

description

family

unix

oval:org.mitre.oval:def:879

status

accepted

submitted

2004-04-07T12:00:00.000-04:00

title

Red Hat Ethereal Denial of Service via Malformed RADIUS Packet

version

accepted

2007-04-25T19:53:07.785-04:00

class

vulnerability

contributors

name Jay Beale
organization Bastille Linux
name Jay Beale
organization Bastille Linux
name Jay Beale
organization Bastille Linux
name Thomas R. Jones
organization Maitreya Security

description

family

unix

oval:org.mitre.oval:def:891

status

accepted

submitted

2004-04-08T12:00:00.000-04:00

title

Red Hat Enterprise 3 Ethereal Denial of Service via Malformed RADIUS Packet

version

accepted

2013-04-29T04:18:27.981-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

family

unix

oval:org.mitre.oval:def:9196

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa
id RHSA-2004:136
rhsa
id RHSA-2004:137

rpms

ethereal-0:0.10.3-0.30E.1
ethereal-gnome-0:0.10.3-0.30E.1

refmap via4

bugtraq	20040329 LNSA-#2004-0007: Multiple security problems in Ethereal 20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)
cert-vn	VU#124454
conectiva	CLA-2004:835
confirm	http://www.ethereal.com/appnotes/enpa-sa-00013.html
gentoo	GLSA-200403-07
mandrake	MDKSA-2004:024
mlist	[ethereal-dev] 20040318 ethereal radius dissector vulnerability
secunia	11185
xf	ethereal-radius-dos(15571)

Last major update

14-02-2024 - 01:17

Published

04-05-2004 - 04:00

Last modified

14-02-2024 - 01:17