Vulnerabilities > CVE-2002-0401 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-130.NASL |
description | Ethereal versions prior to 0.9.3 were vulnerable to an allocation error in the ASN.1 parser. This can be triggered when analyzing traffic using the SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This vulnerability was announced in the ethereal security advisory enpa-sa-00003. This issue has been corrected in ethereal version 0.8.0-3potato for Debian 2.2 (potato). Additionally, a number of vulnerabilities were discussed in ethereal security advisory enpa-sa-00004; the version of ethereal in Debian 2.2 (potato) is not vulnerable to the issues raised in this later advisory. Users of the not-yet-released woody distribution should ensure that they are running ethereal 0.9.4-1 or a later version. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14967 |
published | 2004-09-29 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14967 |
title | Debian DSA-130-1 : ethereal - remotely triggered memory allocation error |
code |
|
Redhat
advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
- http://marc.info/?l=bugtraq&m=102268626526119&w=2
- http://marc.info/?l=bugtraq&m=102268626526119&w=2
- http://www.debian.org/security/2002/dsa-130
- http://www.debian.org/security/2002/dsa-130
- http://www.ethereal.com/appnotes/enpa-sa-00004.html
- http://www.ethereal.com/appnotes/enpa-sa-00004.html
- http://www.iss.net/security_center/static/9204.php
- http://www.iss.net/security_center/static/9204.php
- http://www.redhat.com/support/errata/RHSA-2002-036.html
- http://www.redhat.com/support/errata/RHSA-2002-036.html
- http://www.redhat.com/support/errata/RHSA-2002-088.html
- http://www.redhat.com/support/errata/RHSA-2002-088.html
- http://www.securityfocus.com/bid/4806
- http://www.securityfocus.com/bid/4806