CVE-2005-2367 - Unspecified vulnerability in Ethereal Group Ethereal

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
ethereal-group
nessus
exploit available

Summary

Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.

Exploit-Db

description: Ethereal 10.x AFP Protocol Dissector Remote Format String Exploit. CVE-2005-2367. Remote exploit for linux platform
id: EDB-ID:1139
last seen: 2016-01-31
modified: 2005-08-06
published: 2005-08-06
reporter: vade79
source: https://www.exploit-db.com/download/1139/
title: Ethereal 10.x AFP Protocol Dissector Remote Format String Exploit

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-655.NASL
    description: - Wed Jul 27 2005 Jindrich Novy <jnovy at redhat.com> 0.10.12-1.FC4.1 - update to 0.10.12 - package /usr/sbin/randpkt - sync with cleanup patch (most of it applied upstream) - the new release fixes CVE-2005-2361 up to CVE-2005-2367 - Mon May 30 2005 Radek Vokal <rvokal at redhat.com> 0.10.11-3 - ethereal cleanup, patch by Steve Grubb <sgrubb at redhat.com> (#159107) - few more cleanups Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19321
    published: 2005-07-31
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/19321
    title: Fedora Core 4 : ethereal-0.10.12-1.FC4.1 (2005-655)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2005-687.NASL
    description: Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ethereal package is a program for monitoring network traffic. A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2360, CVE-2005-2361, CVE-2005-2362, CVE-2005-2363, CVE-2005-2364, CVE-2005-2365, CVE-2005-2366, and CVE-2005-2367 to these issues. Users of ethereal should upgrade to these updated packages, which contain version 0.10.12 which is not vulnerable to these issues. Note: To reduce the risk of future vulnerabilities in Ethereal, the ethereal and tethereal programs in this update have been compiled as Position Independent Executables (PIE) for Red Hat Enterprise Linux 3 and 4. In addition FORTIFY_SOURCE has been enabled for Red Hat Enterprise Linux 4 packages to provide compile time and runtime buffer checks.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21850
    published: 2006-07-03
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21850
    title: CentOS 3 / 4 : ethereal (CESA-2005:687)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-131.NASL
    description: A number of vulnerabilities were discovered in versions of Ethereal prior to version 0.10.12, including : The SMB dissector could overflow a buffer or exhaust memory (CVE-2005-2365). iDefense discovered that several dissectors are vulnerable to format string overflows (CVE-2005-2367). A number of other potential crash issues in various dissectors have also been corrected. This update provides Ethereal 0.10.12 which is not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19891
    published: 2005-10-05
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19891
    title: Mandrake Linux Security Advisory : ethereal (MDKSA-2005:131)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-853.NASL
    description: Several security problems have been discovered in ethereal, a commonly used network traffic analyser. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2360 Memory allocation errors in the LDAP dissector can cause a denial of service. - CAN-2005-2361 Various errors in the AgentX, PER, DOCSIS, RADIUS, Telnet, IS-IS, HTTP, DCERPC, DHCP and SCTP dissectors can cause a denial of service. - CAN-2005-2363 Various errors in the SMPP, 802.3, H1 and DHCP dissectors can cause a denial of service. - CAN-2005-2364 NULL pointer dereferences in the WBXML and GIOP dissectors can cause a denial of service. - CAN-2005-2365 A buffer overflow and NULL pointer dereferences in the SMB dissector can cause a denial of service. - CAN-2005-2366 Wrong address calculation in the BER dissector can cause an infinite loop or abortion. - CAN-2005-2367 Format string vulnerabilities in several dissectors allow remote attackers to write to arbitrary memory locations and thus gain privileges.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19961
    published: 2005-10-11
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/19961
    title: Debian DSA-853-1 : ethereal - several vulnerabilities
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-651.NASL
    description: - Thu Jul 28 2005 Jindrich Novy <jnovy at redhat.com> 0.10.12-1.FC3.1 - update to 0.10.12 - package /usr/sbin/randpkt - sync with cleanup patch (most of it applied upstream) - the new release fixes CVE-2005-2361 up to CVE-2005-2367 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19320
    published: 2005-07-31
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/19320
    title: Fedora Core 3 : ethereal-0.10.12-1.FC3.1 (2005-651)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200507-27.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200507-27 (Ethereal: Multiple vulnerabilities) There are numerous vulnerabilities in versions of Ethereal prior to 0.10.12, including: The SMB dissector could overflow a buffer or exhaust memory (CAN-2005-2365). iDEFENSE discovered that several dissectors are vulnerable to format string overflows (CAN-2005-2367). Additionally multiple potential crashes in many dissectors have been fixed, see References for further details. Impact : An attacker might be able to use these vulnerabilities to crash Ethereal or execute arbitrary code with the permissions of the user running Ethereal, which could be the root user. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19329
    published: 2005-07-31
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/19329
    title: GLSA-200507-27 : Ethereal: Multiple vulnerabilities
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-687.NASL
    description: Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ethereal package is a program for monitoring network traffic. A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2360, CVE-2005-2361, CVE-2005-2362, CVE-2005-2363, CVE-2005-2364, CVE-2005-2365, CVE-2005-2366, and CVE-2005-2367 to these issues. Users of ethereal should upgrade to these updated packages, which contain version 0.10.12 which is not vulnerable to these issues. Note: To reduce the risk of future vulnerabilities in Ethereal, the ethereal and tethereal programs in this update have been compiled as Position Independent Executables (PIE) for Red Hat Enterprise Linux 3 and 4. In addition FORTIFY_SOURCE has been enabled for Red Hat Enterprise Linux 4 packages to provide compile time and runtime buffer checks.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19424
    published: 2005-08-12
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19424
    title: RHEL 2.1 / 3 / 4 : ethereal (RHSA-2005:687)

Oval

accepted: 2013-04-29T04:08:30.972-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.
family: unix
id: oval:org.mitre.oval:def:10765
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.
version: 26

Redhat

advisories
rhsa
id: RHSA-2005:687
rpms
  • ethereal-0:0.10.12-1.EL3.1
  • ethereal-debuginfo-0:0.10.12-1.EL3.1
  • ethereal-gnome-0:0.10.12-1.EL3.1