Vulnerabilities > CVE-2005-0739 - Numeric Errors vulnerability in Ethereal Group Ethereal
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Ethereal. CVE-2005-0739. Dos exploit for windows platform |
| id | EDB-ID:874 |
| last seen | 2016-01-31 |
| modified | 2005-03-12 |
| published | 2005-03-12 |
| reporter | Leon Juranic |
| source | https://www.exploit-db.com/download/874/ |
| title | Ethereal <= 0.10.9 - "3G-A11" - Remote Buffer Overflow Exploit 2 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-718.NASL description [ This version lists the correct packages in the packages section. ] A buffer overflow has been detected in the IAPP dissector of Ethereal, a commonly used network traffic analyser. A remote attacker may be able to overflow a buffer using a specially crafted packet. More problems have been discovered which don last seen 2020-06-01 modified 2020-06-02 plugin id 18157 published 2005-04-29 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18157 title Debian DSA-718-2 : ethereal - buffer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-718. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(18157); script_version("1.27"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2005-0739"); script_xref(name:"DSA", value:"718"); script_name(english:"Debian DSA-718-2 : ethereal - buffer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "[ This version lists the correct packages in the packages section. ] A buffer overflow has been detected in the IAPP dissector of Ethereal, a commonly used network traffic analyser. A remote attacker may be able to overflow a buffer using a specially crafted packet. More problems have been discovered which don't apply to the version in woody but are fixed in sid as well." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-718" ); script_set_attribute( attribute:"solution", value: "Upgrade the ethereal packages. For the stable distribution (woody) this problem has been fixed in version 0.9.4-1woody12." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ethereal"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2005/04/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"ethereal", reference:"0.9.4-1woody12")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200503-16.NASL description The remote host is affected by the vulnerability described in GLSA-200503-16 (Ethereal: Multiple vulnerabilities) There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.10, including: The Etheric, 3GPP2 A11 and IAPP dissectors are vulnerable to buffer overflows (CAN-2005-0704, CAN-2005-0699 and CAN-2005-0739). The GPRS-LLC could crash when the last seen 2020-06-01 modified 2020-06-02 plugin id 17318 published 2005-03-14 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17318 title GLSA-200503-16 : Ethereal: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200503-16. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(17318); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2005-0699", "CVE-2005-0704", "CVE-2005-0705", "CVE-2005-0739", "CVE-2005-0765", "CVE-2005-0766"); script_xref(name:"GLSA", value:"200503-16"); script_name(english:"GLSA-200503-16 : Ethereal: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200503-16 (Ethereal: Multiple vulnerabilities) There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.10, including: The Etheric, 3GPP2 A11 and IAPP dissectors are vulnerable to buffer overflows (CAN-2005-0704, CAN-2005-0699 and CAN-2005-0739). The GPRS-LLC could crash when the 'ignore cipher bit' option is enabled (CAN-2005-0705). Various vulnerabilities in JXTA and sFlow dissectors. Impact : An attacker might be able to use these vulnerabilities to crash Ethereal and execute arbitrary code with the permissions of the user running Ethereal, which could be the root user. Workaround : For a temporary workaround you can disable all affected protocol dissectors. However, it is strongly recommended that you upgrade to the latest stable version." ); # http://www.ethereal.com/appnotes/enpa-sa-00018.html script_set_attribute( attribute:"see_also", value:"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00018.html" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200503-16" ); script_set_attribute( attribute:"solution", value: "All Ethereal users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/ethereal-0.10.10'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ethereal"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/03/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-analyzer/ethereal", unaffected:make_list("ge 0.10.10"), vulnerable:make_list("lt 0.10.10"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Ethereal"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-053.NASL description A number of issues were discovered in Ethereal versions prior to 0.10.10, which is provided by this update. Matevz Pustisek discovered a buffer overflow in the Etheric dissector (CVE-2005-0704); the GPRS-LLC dissector could crash if the last seen 2020-06-01 modified 2020-06-02 plugin id 17331 published 2005-03-16 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17331 title Mandrake Linux Security Advisory : ethereal (MDKSA-2005:053) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:053. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(17331); script_version ("1.20"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2005-0699", "CVE-2005-0704", "CVE-2005-0705", "CVE-2005-0739", "CVE-2005-0765", "CVE-2005-0766"); script_xref(name:"MDKSA", value:"2005:053"); script_name(english:"Mandrake Linux Security Advisory : ethereal (MDKSA-2005:053)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A number of issues were discovered in Ethereal versions prior to 0.10.10, which is provided by this update. Matevz Pustisek discovered a buffer overflow in the Etheric dissector (CVE-2005-0704); the GPRS-LLC dissector could crash if the 'ignore cipher bit' was enabled (CVE-2005-0705); Diego Giago found a buffer overflow in the 3GPP2 A11 dissector (CVE-2005-0699); Leon Juranic found a buffer overflow in the IAPP dissector (CVE-2005-0739); and bugs in the JXTA and sFlow dissectors could make Ethereal crash." ); # http://www.ethereal.com/appnotes/enpa-sa-00018.html script_set_attribute( attribute:"see_also", value:"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00018.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ethereal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ethereal-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ethereal0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libethereal0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tethereal"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2005/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"ethereal-0.10.10-0.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"ethereal-0.10.10-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"ethereal-tools-0.10.10-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64ethereal0-0.10.10-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libethereal0-0.10.10-0.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"tethereal-0.10.10-0.1.101mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_CB47036894D211D9A9E00001020EED82.NASL description An Ethreal Security Advisories reports : Issues have been discovered in the following protocol dissectors : - Matevz Pustisek discovered a buffer overflow in the Etheric dissector. CVE: CAN-2005-0704 - The GPRS-LLC dissector could crash if the last seen 2020-06-01 modified 2020-06-02 plugin id 19120 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19120 title FreeBSD : ethereal -- multiple protocol dissectors vulnerabilities (cb470368-94d2-11d9-a9e0-0001020eed82) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(19120); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:37"); script_cve_id("CVE-2005-0699", "CVE-2005-0704", "CVE-2005-0705", "CVE-2005-0739"); script_bugtraq_id(12759); script_name(english:"FreeBSD : ethereal -- multiple protocol dissectors vulnerabilities (cb470368-94d2-11d9-a9e0-0001020eed82)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "An Ethreal Security Advisories reports : Issues have been discovered in the following protocol dissectors : - Matevz Pustisek discovered a buffer overflow in the Etheric dissector. CVE: CAN-2005-0704 - The GPRS-LLC dissector could crash if the 'ignore cipher bit' option was enabled. CVE: CAN-2005-0705 - Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector. This flaw was later reported by Leon Juranic. CVE: CAN-2005-0699 - Leon Juranic discovered a buffer overflow in the IAPP dissector. CVE: CAN-2005-0739 - A bug in the JXTA dissector could make Ethereal crash. - A bug in the sFlow dissector could make Ethereal crash." ); # http://www.ethereal.com/appnotes/enpa-sa-00018.html script_set_attribute( attribute:"see_also", value:"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00018.html" ); # https://vuxml.freebsd.org/freebsd/cb470368-94d2-11d9-a9e0-0001020eed82.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6d989e18" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ethereal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ethereal-lite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:tethereal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:tethereal-lite"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/09"); script_set_attribute(attribute:"patch_publication_date", value:"2005/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"ethereal>=0.9.1<0.10.10")) flag++; if (pkg_test(save_report:TRUE, pkg:"ethereal-lite>=0.9.1<0.10.10")) flag++; if (pkg_test(save_report:TRUE, pkg:"tethereal>=0.9.1<0.10.10")) flag++; if (pkg_test(save_report:TRUE, pkg:"tethereal-lite>=0.9.1<0.10.10")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-306.NASL description Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ethereal package is a program for monitoring network traffic. A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code. A buffer overflow flaw was discovered in the Etheric dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0704 to this issue. The GPRS-LLC dissector could crash if the last seen 2020-06-01 modified 2020-06-02 plugin id 17366 published 2005-03-18 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17366 title RHEL 2.1 / 3 / 4 : ethereal (RHSA-2005:306) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:306. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(17366); script_version ("1.28"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-0699", "CVE-2005-0704", "CVE-2005-0705", "CVE-2005-0739", "CVE-2005-0765", "CVE-2005-0766"); script_xref(name:"RHSA", value:"2005:306"); script_name(english:"RHEL 2.1 / 3 / 4 : ethereal (RHSA-2005:306)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ethereal package is a program for monitoring network traffic. A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code. A buffer overflow flaw was discovered in the Etheric dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0704 to this issue. The GPRS-LLC dissector could crash if the 'ignore cipher bit' option was set. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0705 to this issue. A buffer overflow flaw was discovered in the 3GPP2 A11 dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0699 to this issue. A buffer overflow flaw was discovered in the IAPP dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0739 to this issue. Users of ethereal should upgrade to these updated packages, which contain version 0.10.10 and are not vulnerable to these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0699" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0704" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0705" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0739" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0765" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-0766" ); # http://www.ethereal.com/appnotes/enpa-sa-00018.html script_set_attribute( attribute:"see_also", value:"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00018.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:306" ); script_set_attribute( attribute:"solution", value:"Update the affected ethereal and / or ethereal-gnome packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ethereal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ethereal-gnome"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/08"); script_set_attribute(attribute:"patch_publication_date", value:"2005/03/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:306"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ethereal-0.10.10-1.AS21.1")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ethereal-gnome-0.10.10-1.AS21.1")) flag++; if (rpm_check(release:"RHEL3", reference:"ethereal-0.10.10-1.EL3.1")) flag++; if (rpm_check(release:"RHEL3", reference:"ethereal-gnome-0.10.10-1.EL3.1")) flag++; if (rpm_check(release:"RHEL4", reference:"ethereal-0.10.10-1.EL4.1")) flag++; if (rpm_check(release:"RHEL4", reference:"ethereal-gnome-0.10.10-1.EL4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ethereal / ethereal-gnome"); } }
Oval
| accepted | 2013-04-29T04:21:21.568-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9687 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://www.ethereal.com/appnotes/enpa-sa-00018.html
- http://www.debian.org/security/2005/dsa-718
- http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml
- http://www.redhat.com/support/errata/RHSA-2005-306.html
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
- http://www.securityfocus.com/bid/12762
- http://security.lss.hr/index.php?page=details&ID=LSS-2005-03-05
- http://anonsvn.ethereal.com/viewcvs/viewcvs.py?view=rev&rev=13707
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:053
- http://marc.info/?l=bugtraq&m=111066805726551&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9687