Vulnerabilities > CVE-2004-0504
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 | |
| Application | 2 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_74D06B67D2CF11D8B47902E0185C0B53.NASL description Issues have been discovered in multiple protocol dissectors. last seen 2020-06-01 modified 2020-06-02 plugin id 37398 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37398 title FreeBSD : multiple vulnerabilities in ethereal (74d06b67-d2cf-11d8-b479-02e0185c0b53) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200406-01.NASL description The remote host is affected by the vulnerability described in GLSA-200406-01 (Ethereal: Multiple security problems) There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.4, including: A buffer overflow in the MMSE dissector. Under specific conditions a SIP packet could make Ethereal crash. The AIM dissector could throw an assertion, causing Ethereal to crash. The SPNEGO dissector could dereference a NULL pointer, causing a crash. Impact : An attacker could use these vulnerabilities to crash Ethereal or even execute arbitrary code with the permissions of the user running Ethereal, which could be the root user. Workaround : For a temporary workaround you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols... and deselecting them from the list. However, it is strongly recommended to upgrade to the latest stable release. last seen 2020-06-01 modified 2020-06-02 plugin id 14512 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14512 title GLSA-200406-01 : Ethereal: Multiple security problems NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-234.NASL description Updated Ethereal packages that fix various security vulnerabilities are now available. Ethereal is a program for monitoring network traffic. The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained a buffer overflow flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0507 to this issue. In addition, other flaws in Ethereal prior to 0.10.4 were found that could cause it to crash in response to carefully crafted SIP (CVE-2004-0504), AIM (CVE-2004-0505), or SPNEGO (CVE-2004-0506) packets. Users of Ethereal should upgrade to these updated packages, which contain backported security patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 12501 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12501 title RHEL 2.1 / 3 : ethereal (RHSA-2004:234) NASL family FreeBSD Local Security Checks NASL id FREEBSD_ETHEREAL_0104.NASL description The following package needs to be updated: ethereal last seen 2016-09-26 modified 2011-10-03 plugin id 12645 published 2004-07-11 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=12645 title FreeBSD : multiple vulnerabilities in ethereal (41)
Oval
accepted 2013-04-29T04:22:01.222-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients. family unix id oval:org.mitre.oval:def:9769 status accepted submitted 2010-07-09T03:56:16-04:00 title Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients. version 26 accepted 2004-07-12T12:00:00.000-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux description Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients. family unix id oval:org.mitre.oval:def:982 status accepted submitted 2004-06-10T12:00:00.000-04:00 title Ethereal Denial of Service via SIP Messages version 4
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://security.gentoo.org/glsa/glsa-200406-01.xml
- http://www.securityfocus.com/bid/10347
- http://www.redhat.com/support/errata/RHSA-2004-234.html
- http://www.ethereal.com/appnotes/enpa-sa-00014.html
- http://www.ethereal.com/lists/ethereal-users/200405/msg00018.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916
- ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
- http://www.ciac.org/ciac/bulletins/o-150.shtml
- http://www.osvdb.org/6131
- http://securitytracker.com/id?1010158
- http://secunia.com/advisories/11608
- http://secunia.com/advisories/11776
- http://secunia.com/advisories/11836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16148
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A982
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9769