Vulnerabilities > CVE-2004-0365 - NULL Pointer Dereference vulnerability in Ethereal
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
Common Weakness Enumeration (CWE)
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_ETHEREAL_0103.NASL description The following package needs to be updated: ethereal last seen 2016-09-26 modified 2011-10-03 plugin id 12537 published 2004-07-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=12537 title FreeBSD : multiple vulnerabilities in ethereal (40) code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated by freebsd_pkg_cdf18ed97f4a11d896450020ed76ef5a.nasl. # # Disabled on 2011/10/02. # # # (C) Tenable Network Security, Inc. # # This script contains information extracted from VuXML : # # Copyright 2003-2006 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # include('compat.inc'); if ( description ) { script_id(12537); script_version("1.15"); script_bugtraq_id(9952); script_cve_id("CVE-2004-0367"); script_cve_id("CVE-2004-0365"); script_cve_id("CVE-2004-0176"); script_name(english:"FreeBSD : multiple vulnerabilities in ethereal (40)"); script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update'); script_set_attribute(attribute:'description', value:'The following package needs to be updated: ethereal'); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:'solution', value: 'Update the package on the remote host'); script_set_attribute(attribute: 'see_also', value: 'http://mozillanews.org/?article_date=2004-12-08+06-48-46 http://secunia.com/advisories/11185 http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ http://security.e-matters.de/advisories/032004.html http://www.ethereal.com/appnotes/enpa-sa-00013.html http://www.mozilla.org/security/announce/2006/mfsa2006-09.html http://www.mozilla.org/security/announce/2006/mfsa2006-10.html http://www.mozilla.org/security/announce/2006/mfsa2006-11.html http://www.mozilla.org/security/announce/2006/mfsa2006-12.html http://www.mozilla.org/security/announce/2006/mfsa2006-13.html http://www.mozilla.org/security/announce/2006/mfsa2006-14.html http://www.mozilla.org/security/announce/2006/mfsa2006-15.html http://www.mozilla.org/security/announce/2006/mfsa2006-16.html http://www.mozilla.org/security/announce/2006/mfsa2006-17.html https://bugzilla.mozilla.org/show_bug.cgi?id=103638 https://bugzilla.mozilla.org/show_bug.cgi?id=273699'); script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/cdf18ed9-7f4a-11d8-9645-0020ed76ef5a.html'); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06"); script_cvs_date("Date: 2018/08/22 16:49:14"); script_end_attributes(); script_summary(english:"Check for ethereal"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); family["english"] = "FreeBSD Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/FreeBSD/pkg_info"); exit(0); } # Deprecated. exit(0, "This plugin has been deprecated. Refer to plugin #38151 (freebsd_pkg_cdf18ed97f4a11d896450020ed76ef5a.nasl) instead."); global_var cvss_score; cvss_score=5; include('freebsd_package.inc'); pkg_test(pkg:"ethereal<0.10.3"); pkg_test(pkg:"tethereal<0.10.3");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-511.NASL description Several buffer overflow vulnerabilities were discovered in ethereal, a network traffic analyzer. These vulnerabilities are described in the ethereal advisory last seen 2020-06-01 modified 2020-06-02 plugin id 15348 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15348 title Debian DSA-511-1 : ethereal - buffer overflows NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-136.NASL description Updated Ethereal packages that fix various security vulnerabilities are now available. Ethereal is a program for monitoring network traffic. Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP dissectors. On a system where Ethereal is being run a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0176 to this issue. Jonathan Heussser discovered that a carefully-crafted RADIUS packet could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0365 to this issue. Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0367 to this issue. Users of Ethereal should upgrade to these updated packages, which contain a version of Ethereal that is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 12482 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12482 title RHEL 2.1 / 3 : ethereal (RHSA-2004:136) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200403-07.NASL description The remote host is affected by the vulnerability described in GLSA-200403-07 (Multiple remote overflows and vulnerabilities in Ethereal) There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including: Thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP. A zero-length Presentation protocol selector could make Ethereal crash. A vulnerability in the RADIUS packet dissector which may crash ethereal. A corrupt color filter file could cause a segmentation fault. Impact : These vulnerabilities may cause Ethereal to crash or may allow an attacker to run arbitrary code on the user last seen 2020-06-01 modified 2020-06-02 plugin id 14458 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14458 title GLSA-200403-07 : Multiple remote overflows and vulnerabilities in Ethereal NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_CDF18ED97F4A11D896450020ED76EF5A.NASL description Stefan Esser of e-matters Security discovered a baker last seen 2020-06-01 modified 2020-06-02 plugin id 38151 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38151 title FreeBSD : multiple vulnerabilities in ethereal (cdf18ed9-7f4a-11d8-9645-0020ed76ef5a) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-024.NASL description A number of serious issues have been discovered in versions of Ethereal prior to 0.10.2. Stefan Esser discovered thirteen buffer overflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP dissectors. Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause Ethereal to crash. It was also found that a zero-length Presentation protocol selector could make Ethereal crash. Finally, a corrupt color filter file could cause a segmentation fault. It is possible, through the exploitation of some of these vulnerabilities, to cause Ethereal to crash or run arbitrary code by injecting a malicious, malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file. The updated packages bring Ethereal to version 0.10.3 which is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 14123 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14123 title Mandrake Linux Security Advisory : ethereal (MDKSA-2004:024)
Oval
accepted 2007-04-25T19:53:06.701-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Jay Beale organization Bastille Linux name Thomas R. Jones organization Maitreya Security
description The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference. family unix id oval:org.mitre.oval:def:879 status accepted submitted 2004-04-07T12:00:00.000-04:00 title Red Hat Ethereal Denial of Service via Malformed RADIUS Packet version 38 accepted 2007-04-25T19:53:07.785-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Jay Beale organization Bastille Linux name Jay Beale organization Bastille Linux name Thomas R. Jones organization Maitreya Security
description The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference. family unix id oval:org.mitre.oval:def:891 status accepted submitted 2004-04-08T12:00:00.000-04:00 title Red Hat Enterprise 3 Ethereal Denial of Service via Malformed RADIUS Packet version 38 accepted 2013-04-29T04:18:27.981-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference. family unix id oval:org.mitre.oval:def:9196 status accepted submitted 2010-07-09T03:56:16-04:00 title The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference. version 26
Redhat
advisories |
| ||||||||
rpms |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835
- http://marc.info/?l=bugtraq&m=108058005324316&w=2
- http://marc.info/?l=bugtraq&m=108058005324316&w=2
- http://marc.info/?l=bugtraq&m=108213710306260&w=2
- http://marc.info/?l=bugtraq&m=108213710306260&w=2
- http://marc.info/?l=ethereal-dev&m=107962966700423&w=2
- http://marc.info/?l=ethereal-dev&m=107962966700423&w=2
- http://secunia.com/advisories/11185
- http://secunia.com/advisories/11185
- http://security.gentoo.org/glsa/glsa-200403-07.xml
- http://security.gentoo.org/glsa/glsa-200403-07.xml
- http://www.ethereal.com/appnotes/enpa-sa-00013.html
- http://www.ethereal.com/appnotes/enpa-sa-00013.html
- http://www.kb.cert.org/vuls/id/124454
- http://www.kb.cert.org/vuls/id/124454
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:024
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:024
- http://www.redhat.com/support/errata/RHSA-2004-136.html
- http://www.redhat.com/support/errata/RHSA-2004-136.html
- http://www.redhat.com/support/errata/RHSA-2004-137.html
- http://www.redhat.com/support/errata/RHSA-2004-137.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15571
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A879
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A879
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A891
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A891
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9196
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9196