CVE-2006-1934 - Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial

CVE-2006-1934

Summary

Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.

References

Vulnerable Configurations

cpe:2.3:a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.0a:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.0a:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.10:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.10:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.13:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.13:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.4:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.4:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.7:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.7:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.12:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.12:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.11:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.11:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.5:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.5:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.6:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.6:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.8:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.8:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.9:*:*:*:*:*:*:*
cpe:2.3:a:ethereal_group:ethereal:0.10.9:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2013-04-29T04:05:45.544-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10445

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2006:0420

rpms

ethereal-0:0.99.0-EL3.2
ethereal-debuginfo-0:0.99.0-EL3.2
ethereal-gnome-0:0.99.0-EL3.2

refmap via4

bid	17682
confirm	http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm http://www.ethereal.com/appnotes/enpa-sa-00023.html
debian	DSA-1049
fedora	FEDORA-2006-456 FEDORA-2006-461
gentoo	GLSA-200604-17
mandriva	MDKSA-2006:077
sectrack	1015985
secunia	19769 19805 19828 19839 19958 19962 20117 20210 20944
sgi	20060501-01-U
suse	SUSE-SR:2006:010
vupen	ADV-2006-1501
xf	ethereal-alcap-dissector-bo(26014) ethereal-net-instr-bo(26026) ethereal-netxwin-sniffer-bo(26027)

Last major update

14-02-2024 - 01:17

Published

25-04-2006 - 12:50

Last modified

14-02-2024 - 01:17