Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1356

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1356
Last Modified 05 Sep 2008 04:30:22
Published 23 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1356

Summary

Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly related to a missing field for EndVerifyAck messages.

Vulnerable Systems

Application

  • Ethereal Group Ethereal 0.9.7


References

REDHAT - RHSA-2002:290

CONFIRM - http://www.ethereal.com/appnotes/enpa-sa-00007.html

CONFIRM - http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-lmp.c#rev1.13


Last Updated: 27 May 2016 10:37:18