ID CVE-2003-0432
Summary Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.
References
Vulnerable Configurations
  • cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*
    cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2007-04-25T19:52:13.077-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
description Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.
family unix
id oval:org.mitre.oval:def:106
status accepted
submitted 2003-08-29T12:00:00.000-04:00
title Various Ethereal Dissector Vulnerabilities
version 38
redhat via4
advisories
rhsa
id RHSA-2003:077
refmap via4
conectiva CLA-2003:662
confirm http://www.ethereal.com/appnotes/enpa-sa-00010.html
debian DSA-324
sco CSSA-2003-030.0
secunia 9007
Last major update 11-10-2017 - 01:29
Published 24-07-2003 - 04:00
Last modified 11-10-2017 - 01:29
Back to Top