CVE-2003-0925 - Unspecified vulnerability in Ethereal Group Ethereal

CVSS 0.0 - NONE

  • Attack vector: UNKNOWN
  • Attack complexity: UNKNOWN
  • Privileges required: UNKNOWN
  • Confidentiality impact: UNKNOWN
  • Integrity impact: UNKNOWN
  • Availability impact: UNKNOWN

Summary

Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-407.NASL
    description: Several vulnerabilities were discovered upstream in ethereal, a network traffic analyzer. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CAN-2003-0925: A buffer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
      - CAN-2003-0926: Via certain malformed ISAKMP or MEGACO packets remote attackers are able to cause a denial of service (crash).
      - CAN-2003-0927: A heap-based buffer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.
      - CAN-2003-1012: The SMB dissector allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of selected packets.
      - CAN-2003-1013: The Q.931 dissector allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15244
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15244
    title: Debian DSA-407-1 : ethereal - buffer overflows
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-407. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15244);
      script_version("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2003-0925", "CVE-2003-0926", "CVE-2003-0927", "CVE-2003-1012", "CVE-2003-1013");
      script_bugtraq_id(9248, 9249);
      script_xref(name:"DSA", value:"407");
    
      script_name(english:"Debian DSA-407-1 : ethereal - buffer overflows");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered upstream in ethereal, a
    network traffic analyzer. The Common Vulnerabilities and Exposures
    project identifies the following problems :
    
      - CAN-2003-0925
        A buffer overflow allows remote attackers to cause a
        denial of service and possibly execute arbitrary code
        via a malformed GTP MSISDN string.
    
      - CAN-2003-0926
    
        Via certain malformed ISAKMP or MEGACO packets remote
        attackers are able to cause a denial of service (crash).
    
      - CAN-2003-0927
    
        A heap-based buffer overflow allows remote attackers to
        cause a denial of service (crash) and possibly execute
        arbitrary code via the SOCKS dissector.
    
      - CAN-2003-1012
    
        The SMB dissector allows remote attackers to cause a
        denial of service via a malformed SMB packet that
        triggers a segmentation fault during processing of
        selected packets.
    
      - CAN-2003-1013
    
        The Q.931 dissector allows remote attackers to cause a
        denial of service (crash) via a malformed Q.931, which
        triggers a null dereference."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-407"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the ethereal and tethereal packages.
    
    For the stable distribution (woody) this problem has been fixed in
    version 0.9.4-1woody6."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ethereal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/01/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"ethereal", reference:"0.9.4-1woody6")) flag++;
    if (deb_check(release:"3.0", prefix:"ethereal-common", reference:"0.9.4-1woody6")) flag++;
    if (deb_check(release:"3.0", prefix:"ethereal-dev", reference:"0.9.4-1woody6")) flag++;
    if (deb_check(release:"3.0", prefix:"tethereal", reference:"0.9.4-1woody6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2003-324.NASL
    description: Updated Ethereal packages that fix a number of exploitable security issues are now available. Ethereal is a program for monitoring network traffic. A number of security issues affect Ethereal. By exploiting these issues, it may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully-malformed packet onto the wire or by convincing someone to read a malformed packet trace file. A buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0925 to this issue. Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed ISAKMP or MEGACO packets. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0926 to this issue. A heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0927 to this issue. Users of Ethereal should update to these erratum packages containing Ethereal version 0.9.16, which is not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12433
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12433
    title: RHEL 2.1 / 3 : ethereal (RHSA-2003:324)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2003-114.NASL
    description: A number of vulnerabilities were discovered in ethereal that, if exploited, could be used to make ethereal crash or run arbitrary code by injecting malicious malformed packets onto the wire or by convincing someone to read a malformed packet trace file. A buffer overflow allows attackers to cause a DoS (Denial of Service) and possibly execute arbitrary code using a malformed GTP MSISDN string (CVE-2003-0925). Likewise, a DoS can be caused by using malformed ISAKMP or MEGACO packets (CVE-2003-0926). Finally, a heap-based buffer overflow allows attackers to cause a DoS or execute arbitrary code using the SOCKS dissector (CVE-2003-0927). All three vulnerabilities affect all versions of Ethereal up to and including 0.9.15. This update provides 0.9.16 which corrects all of these issues. Also note that each vulnerability can be exploited by a remote attacker.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14096
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14096
    title: Mandrake Linux Security Advisory : ethereal (MDKSA-2003:114)

Oval

accepted: 2013-04-29T04:21:23.703-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
description: Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
family: unix
id: oval:org.mitre.oval:def:9692
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
version: 26

Redhat

advisories:
  • rhsa id: RHSA-2003:323
  • rhsa id: RHSA-2003:324
rpms:
  • ethereal-0:0.9.16-0.30E.1
  • ethereal-gnome-0:0.9.16-0.30E.1