
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2004:136

The remote host is missing updates announced in
advisory RHSA-2004:136.

Ethereal is a program for monitoring network traffic.

Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain
stack overflows in the IGRP, PGM, NetFlow, ISUP, TCAP, or IGAP dissectors.
On a system where Ethereal is being run, a remote attacker could send
malicious packets that could cause Ethereal to crash or execute arbitrary
code. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2004-0176 to this issue.

Jonathan Heusser discovered that a carefully crafted RADIUS packet could
cause a crash. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2004-0365 to this issue.

Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of
service (crash) via a zero-length Presentation protocol selector. The
Common Vulnerabilities and Exposures project has assigned
the name CVE-2004-0367 to this issue.

Users of Ethereal should upgrade to these updated packages, which contain
a version of Ethereal that is not vulnerable to these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0176
Bugtraq: 20040323 Advisory 03/2004: Multiple (13) Ethereal remote overflows
Bugtraq: 20040329 LNSA-#2004-0007: Multiple security problems in Ethereal
Bugtraq: 20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)
CERT/CC vulnerability note: VU#119876
CERT/CC vulnerability note: VU#125156
CERT/CC vulnerability note: VU#433596
CERT/CC vulnerability note: VU#591820
CERT/CC vulnerability note: VU#644886
CERT/CC vulnerability note: VU#659140
CERT/CC vulnerability note: VU#740188
CERT/CC vulnerability note: VU#864884
CERT/CC vulnerability note: VU#931588
Conectiva Linux advisory: CLA-2004:835
Debian Security Information: DSA-511
XForce ISS Database: ethereal-multiple-dissectors-bo(15569)
Common Vulnerability Exposure (CVE) ID: CVE-2004-0365
CERT/CC vulnerability note: VU#124454
XForce ISS Database: ethereal-radius-dos(15571)
Common Vulnerability Exposure (CVE) ID: CVE-2004-0367
CERT/CC vulnerability note: VU#792286
XForce ISS Database: ethereal-zero-presentation-dos(15570)
Copyright: Copyright (c) 2005 E-Soft Inc.
