CVE-2003-0356

Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ethereal.com/appnotes/enpa-sa-00009.html	Patch Vendor Advisory
http://www.debian.org/security/2003/dsa-313	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/641013	US Government Resource
http://www.redhat.com/support/errata/RHSA-2003-077.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*

Information

Published : 2003-06-08 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2003-0356

Mitre link : CVE-2003-0356

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ethereal_group

ethereal

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ethereal.com/appnotes/enpa-sa-00009.html", "name": "http://www.ethereal.com/appnotes/enpa-sa-00009.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2003/dsa-313", "name": "DSA-313", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.kb.cert.org/vuls/id/641013", "name": "VU#641013", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name": "RHSA-2003:077", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:067", "name": "MDKSA-2003:067", "tags": [], "refsource": "MANDRAKE"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69", "name": "oval:org.mitre.oval:def:69", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0356", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-06-09T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.9.11"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}