VuXML: ethereal -- multiple protocol dissectors vulnerabilities

Affected packages

0.8.10

ethereal

0.10.9

0.8.10

ethereal-lite

0.10.9

0.8.10

tethereal

0.10.9

0.8.10

tethereal-lite

0.10.9

Details

VuXML ID	831a6a66-79fa-11d9-a9e7-0001020eed82
Discovery	2005-01-18
Entry	2005-02-08

VuXML ID

831a6a66-79fa-11d9-a9e7-0001020eed82

Discovery

2005-01-18

Entry

2005-02-08

An Ethreal Security Advisories reports:

Issues have been discovered in the following protocol dissectors:

The COPS dissector could go into an infinite loop. CVE: CAN-2005-0006

The DLSw dissector could cause an assertion. CVE: CAN-2005-0007

The DNP dissector could cause memory corruption. CVE: CAN-2005-0008

The Gnutella dissector could cuase an assertion. CVE: CAN-2005-0009

The MMSE dissector could free statically-allocated memory. CVE: CAN-2005-0010

The X11 dissector is vulnerable to a string buffer overflow. CVE: CAN-2005-0084

Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

[source]

References

Bugtraq ID

12326

CVE Name

CVE-2005-0006

CVE Name

CVE-2005-0007

CVE Name

CVE-2005-0008

CVE Name

CVE-2005-0009

CVE Name

CVE-2005-0010

CVE Name

CVE-2005-0084

URL

http://www.ethereal.com/appnotes/enpa-sa-00017.html