ID CVE-2005-0739
Summary The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
References
Vulnerable Configurations
  • cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*
    cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
accepted 2013-04-29T04:21:21.568-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
family unix
id oval:org.mitre.oval:def:9687
status accepted
submitted 2010-07-09T03:56:16-04:00
title The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
version 29
redhat via4
advisories
rhsa
id RHSA-2005:306
rpms
  • ethereal-0:0.10.10-1.EL3.1
  • ethereal-debuginfo-0:0.10.10-1.EL3.1
  • ethereal-gnome-0:0.10.10-1.EL3.1
refmap via4
bid 12762
bugtraq 20050312 Ethereal remote buffer overflow #2
confirm http://www.ethereal.com/appnotes/enpa-sa-00018.html
debian DSA-718
fedora FLSA-2006:152922
gentoo GLSA-200503-16
mandrake MDKSA-2005:053
misc
Last major update 11-10-2017 - 01:29
Published 02-05-2005 - 04:00
Last modified 11-10-2017 - 01:29
Back to Top