CVE-2003-0432

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ethereal.com/appnotes/enpa-sa-00010.html	Patch Vendor Advisory
http://www.debian.org/security/2003/dsa-324	Patch Vendor Advisory
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
http://secunia.com/advisories/9007
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
http://www.redhat.com/support/errata/RHSA-2003-077.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*

Information

Published : 2003-07-23 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2003-0432

Mitre link : CVE-2003-0432

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ethereal_group

ethereal

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "name": "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2003/dsa-324", "name": "DSA-324", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt", "name": "CSSA-2003-030.0", "tags": [], "refsource": "SCO"}, {"url": "http://secunia.com/advisories/9007", "name": "9007", "tags": [], "refsource": "SECUNIA"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662", "name": "CLA-2003:662", "tags": [], "refsource": "CONECTIVA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name": "RHSA-2003:077", "tags": [], "refsource": "REDHAT"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106", "name": "oval:org.mitre.oval:def:106", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0432", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-07-24T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.9.12"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}