Vulnerabilities > CVE-2004-0505
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 | |
| Application | 2 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_74D06B67D2CF11D8B47902E0185C0B53.NASL description Issues have been discovered in multiple protocol dissectors. last seen 2020-06-01 modified 2020-06-02 plugin id 37398 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37398 title FreeBSD : multiple vulnerabilities in ethereal (74d06b67-d2cf-11d8-b479-02e0185c0b53) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200406-01.NASL description The remote host is affected by the vulnerability described in GLSA-200406-01 (Ethereal: Multiple security problems) There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.4, including: A buffer overflow in the MMSE dissector. Under specific conditions a SIP packet could make Ethereal crash. The AIM dissector could throw an assertion, causing Ethereal to crash. The SPNEGO dissector could dereference a NULL pointer, causing a crash. Impact : An attacker could use these vulnerabilities to crash Ethereal or even execute arbitrary code with the permissions of the user running Ethereal, which could be the root user. Workaround : For a temporary workaround you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols... and deselecting them from the list. However, it is strongly recommended to upgrade to the latest stable release. last seen 2020-06-01 modified 2020-06-02 plugin id 14512 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14512 title GLSA-200406-01 : Ethereal: Multiple security problems NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-234.NASL description Updated Ethereal packages that fix various security vulnerabilities are now available. Ethereal is a program for monitoring network traffic. The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained a buffer overflow flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0507 to this issue. In addition, other flaws in Ethereal prior to 0.10.4 were found that could cause it to crash in response to carefully crafted SIP (CVE-2004-0504), AIM (CVE-2004-0505), or SPNEGO (CVE-2004-0506) packets. Users of Ethereal should upgrade to these updated packages, which contain backported security patches that correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 12501 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12501 title RHEL 2.1 / 3 : ethereal (RHSA-2004:234) NASL family FreeBSD Local Security Checks NASL id FREEBSD_ETHEREAL_0104.NASL description The following package needs to be updated: ethereal last seen 2016-09-26 modified 2011-10-03 plugin id 12645 published 2004-07-11 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=12645 title FreeBSD : multiple vulnerabilities in ethereal (41)
Oval
accepted 2013-04-29T04:19:23.074-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors. family unix id oval:org.mitre.oval:def:9433 status accepted submitted 2010-07-09T03:56:16-04:00 title The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors. version 26 accepted 2004-07-12T12:00:00.000-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux description The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors. family unix id oval:org.mitre.oval:def:986 status accepted submitted 2004-06-10T12:00:00.000-04:00 title Ethereal AIM Dissector Vulnerability version 4
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://www.securityfocus.com/bid/10347
- http://security.gentoo.org/glsa/glsa-200406-01.xml
- http://www.redhat.com/support/errata/RHSA-2004-234.html
- http://www.ethereal.com/appnotes/enpa-sa-00014.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916
- ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
- http://www.ciac.org/ciac/bulletins/o-150.shtml
- http://www.osvdb.org/6132
- http://securitytracker.com/id?1010158
- http://secunia.com/advisories/11608
- http://secunia.com/advisories/11776
- http://secunia.com/advisories/11836
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16150
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A986
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9433