English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.50966
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2003:077
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2003:077.

Ethereal is a package designed for monitoring network traffic.

A number of security issues affect Ethereal. By exploiting these issues it
may be possible to make Ethereal crash or run arbitrary code by injecting a
purposefully malformed packet onto the wire, or by convincing someone to
read a malformed packet trace file.

Ethereal 0.9.9 and earlier allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via carefully
crafted SOCKS packets. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0081 to this issue.

A heap-based buffer overflow exists in the NTLMSSP code for Ethereal
0.9.9 and earlier. (CVE-2003-0159)

Multiple off-by-one vulnerabilities exist in Ethereal 0.9.11 and earlier in
the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP,
and TSP dissectors, which do not properly use the tvb_get_nstringz and
tvb_get_nstringz0 functions. (CVE-2003-0356)

Multiple integer overflow vulnerabilities exist in Ethereal 0.9.11 and
earlier in the Mount and PPP dissectors. (CVE-2003-0357)

A vulnerability in the DCERPC dissector exists in Ethereal 0.9.12 and
earlier, allowing remote attackers to cause a denial of service (memory
consumption) via a certain NDR string. (CVE-2003-0428)

A possible buffer overflow vulnerability exists in Ethereal 0.9.12 and
earlier, caused by invalid IPv4 or IPv6 prefix lengths and possibly
triggering a buffer overflow. (CVE-2003-0429)

A vulnerability exists in Ethereal 0.9.12 and earlier, allowing remote
attackers to cause a denial of service (crash) via an invalid ASN.1 value.
(CVE-2003-0430)

The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not
properly handle a zero-length buffer size. (CVE-2003-0431)

Ethereal 0.9.12 and earlier does not handle certain strings properly in the
BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI dissectors.
(CVE-2003-0432)

Users of Ethereal should update to these erratum packages containing
Ethereal version 0.9.13, which are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-077.html
http://www.ethereal.com/appnotes/enpa-sa-00008.html
http://www.ethereal.com/appnotes/enpa-sa-00009.html
http://www.ethereal.com/appnotes/enpa-sa-00010.html

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-0081
BugTraq ID: 7049
http://www.securityfocus.com/bid/7049
Conectiva Linux advisory: CLSA-2003:627
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627
Debian Security Information: DSA-258 (Google Search)
http://www.debian.org/security/2003/dsa-258
http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html
http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051
http://www.guninski.com/etherre.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A54
http://www.redhat.com/support/errata/RHSA-2003-076.html
http://www.redhat.com/support/errata/RHSA-2003-077.html
SuSE Security Announcement: SuSE-SA:2003:019 (Google Search)
http://www.novell.com/linux/security/advisories/2003_019_ethereal.html
XForce ISS Database: ethereal-socks-format-string(11497)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11497
Common Vulnerability Exposure (CVE) ID: CVE-2003-0159
BugTraq ID: 7050
http://www.securityfocus.com/bid/7050
Bugtraq: 20030309 GLSA: ethereal (200303-10) (Google Search)
http://marc.info/?l=bugtraq&m=104741640924709&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2003:051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A55
Common Vulnerability Exposure (CVE) ID: CVE-2003-0356
CERT/CC vulnerability note: VU#641013
http://www.kb.cert.org/vuls/id/641013
Debian Security Information: DSA-313 (Google Search)
http://www.debian.org/security/2003/dsa-313
http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69
Common Vulnerability Exposure (CVE) ID: CVE-2003-0357
BugTraq ID: 7494
http://www.securityfocus.com/bid/7494
BugTraq ID: 7495
http://www.securityfocus.com/bid/7495
CERT/CC vulnerability note: VU#232164
http://www.kb.cert.org/vuls/id/232164
CERT/CC vulnerability note: VU#361700
http://www.kb.cert.org/vuls/id/361700
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A73
http://rhn.redhat.com/errata/RHSA-2003-077.html
Common Vulnerability Exposure (CVE) ID: CVE-2003-0428
CERT/CC vulnerability note: VU#542540
http://www.kb.cert.org/vuls/id/542540
Conectiva Linux advisory: CLA-2003:662
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
Debian Security Information: DSA-324 (Google Search)
http://www.debian.org/security/2003/dsa-324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A75
SCO Security Bulletin: CSSA-2003-030.0
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
http://secunia.com/advisories/9007
Common Vulnerability Exposure (CVE) ID: CVE-2003-0429
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A84
Common Vulnerability Exposure (CVE) ID: CVE-2003-0430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A88
Common Vulnerability Exposure (CVE) ID: CVE-2003-0431
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A101
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.