CVE-2004-0365 - NULL Pointer Dereference vulnerability in Ethereal
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH
Summary
The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 7 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_ETHEREAL_0103.NASL
- description: The following package needs to be updated: ethereal
- last seen: 2016-09-26
- modified: 2011-10-03
- plugin id: 12537
- published: 2004-07-06
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=12537
- title: FreeBSD : multiple vulnerabilities in ethereal (40)
- code:

```
#%NASL_MIN_LEVEL 999999

# @DEPRECATED@
#
# This script has been deprecated by freebsd_pkg_cdf18ed97f4a11d896450020ed76ef5a.nasl.
#
# Disabled on 2011/10/02.
#

#
# (C) Tenable Network Security, Inc.
#
# This script contains information extracted from VuXML :
#
# Copyright 2003-2006 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
#

include('compat.inc');

if ( description )
{
 script_id(12537);
 script_version("1.15");
 script_bugtraq_id(9952);
 script_cve_id("CVE-2004-0367");
 script_cve_id("CVE-2004-0365");
 script_cve_id("CVE-2004-0176");

 script_name(english:"FreeBSD : multiple vulnerabilities in ethereal (40)");

 script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');
 script_set_attribute(attribute:'description', value:'The following package needs to be updated: ethereal');
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:'solution', value: 'Update the package on the remote host');
 script_set_attribute(attribute: 'see_also', value: 'http://mozillanews.org/?article_date=2004-12-08+06-48-46
http://secunia.com/advisories/11185
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://security.e-matters.de/advisories/032004.html
http://www.ethereal.com/appnotes/enpa-sa-00013.html
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
http://www.mozilla.org/security/announce/2006/mfsa2006-13.html
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
https://bugzilla.mozilla.org/show_bug.cgi?id=103638
https://bugzilla.mozilla.org/show_bug.cgi?id=273699');
 script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/cdf18ed9-7f4a-11d8-9645-0020ed76ef5a.html');

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/06");
 script_cvs_date("Date: 2018/08/22 16:49:14");
 script_end_attributes();
 script_summary(english:"Check for ethereal");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 family["english"] = "FreeBSD Local Security Checks";
 script_family(english:family["english"]);
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/FreeBSD/pkg_info");
 exit(0);
}

# Deprecated.
exit(0, "This plugin has been deprecated. Refer to plugin #38151 (freebsd_pkg_cdf18ed97f4a11d896450020ed76ef5a.nasl) instead.");

global_var cvss_score;
cvss_score=5;
include('freebsd_package.inc');

pkg_test(pkg:"ethereal<0.10.3");
pkg_test(pkg:"tethereal<0.10.3");
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-511.NASL
- description: Several buffer overflow vulnerabilities were discovered in ethereal, a network traffic analyzer. These vulnerabilities are described in the ethereal advisory
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15348
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15348
- title: Debian DSA-511-1 : ethereal - buffer overflows

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2004-136.NASL
- description: Updated Ethereal packages that fix various security vulnerabilities are now available. Ethereal is a program for monitoring network traffic. Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain stack overflows in the IGRP, PGM, NetFlow, ISUP, TCAP, or IGAP dissectors. On a system where Ethereal is being run a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0176 to this issue. Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0365 to this issue. Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0367 to this issue. Users of Ethereal should upgrade to these updated packages, which contain a version of Ethereal that is not vulnerable to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 12482
- published: 2004-07-06
- reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/12482
- title: RHEL 2.1 / 3 : ethereal (RHSA-2004:136)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200403-07.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200403-07 (Multiple remote overflows and vulnerabilities in Ethereal) There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including: Thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP. A zero-length Presentation protocol selector could make Ethereal crash. A vulnerability in the RADIUS packet dissector which may crash ethereal. A corrupt color filter file could cause a segmentation fault. Impact : These vulnerabilities may cause Ethereal to crash or may allow an attacker to run arbitrary code on the user
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14458
- published: 2004-08-30
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14458
- title: GLSA-200403-07 : Multiple remote overflows and vulnerabilities in Ethereal

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_CDF18ED97F4A11D896450020ED76EF5A.NASL
- description: Stefan Esser of e-matters Security discovered a baker
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 38151
- published: 2009-04-23
- reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/38151
- title: FreeBSD : multiple vulnerabilities in ethereal (cdf18ed9-7f4a-11d8-9645-0020ed76ef5a)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2004-024.NASL
- description: A number of serious issues have been discovered in versions of Ethereal prior to 0.10.2. Stefan Esser discovered thirteen buffer overflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP dissectors. Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause Ethereal to crash. It was also found that a zero-length Presentation protocol selector could make Ethereal crash. Finally, a corrupt color filter file could cause a segmentation fault. It is possible, through the exploitation of some of these vulnerabilities, to cause Ethereal to crash or run arbitrary code by injecting a malicious, malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file. The updated packages bring Ethereal to version 0.10.3 which is not vulnerable to these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14123
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14123
- title: Mandrake Linux Security Advisory : ethereal (MDKSA-2004:024)

Oval
- accepted: 2007-04-25T19:53:06.701-04:00
- class: vulnerability
- contributors:
  - name: Jay Beale, organization: Bastille Linux
  - name: Jay Beale, organization: Bastille Linux
  - name: Thomas R. Jones, organization: Maitreya Security
- description: The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
- family: unix
- id: oval:org.mitre.oval:def:879
- status: accepted
- submitted: 2004-04-07T12:00:00.000-04:00
- title: Red Hat Ethereal Denial of Service via Malformed RADIUS Packet
- version: 38

- accepted: 2007-04-25T19:53:07.785-04:00
- class: vulnerability
- contributors:
  - name: Jay Beale, organization: Bastille Linux
  - name: Jay Beale, organization: Bastille Linux
  - name: Jay Beale, organization: Bastille Linux
  - name: Thomas R. Jones, organization: Maitreya Security
- description: The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
- family: unix
- id: oval:org.mitre.oval:def:891
- status: accepted
- submitted: 2004-04-08T12:00:00.000-04:00
- title: Red Hat Enterprise 3 Ethereal Denial of Service via Malformed RADIUS Packet
- version: 38

- accepted: 2013-04-29T04:18:27.981-04:00
- class: vulnerability
- contributors:
  - name: Aharon Chernin, organization: SCAP.com, LLC
  - name: Dragos Prisaca, organization: G2, Inc.
- definition_extensions:
  - comment: The operating system installed on the system is Red Hat Enterprise Linux 3, oval: oval:org.mitre.oval:def:11782
  - comment: CentOS Linux 3.x, oval: oval:org.mitre.oval:def:16651
- description: The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
- family: unix
- id: oval:org.mitre.oval:def:9196
- status: accepted
- submitted: 2010-07-09T03:56:16-04:00
- title: The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
- version: 26

References
- http://security.gentoo.org/glsa/glsa-200403-07.xml
- http://www.ethereal.com/appnotes/enpa-sa-00013.html
- http://www.redhat.com/support/errata/RHSA-2004-136.html
- http://www.redhat.com/support/errata/RHSA-2004-137.html
- http://www.kb.cert.org/vuls/id/124454
- http://secunia.com/advisories/11185
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:024
- http://marc.info/?l=ethereal-dev&m=107962966700423&w=2
- http://marc.info/?l=bugtraq&m=108213710306260&w=2
- http://marc.info/?l=bugtraq&m=108058005324316&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15571
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9196
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A891
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A879