Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0081

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0081
Last Modified 05 Sep 2008 04:33:25
Published 18 Mar 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0081

Summary

Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.

Vulnerable Systems

Application

  • Ethereal Group Ethereal 0.8.18

  • Ethereal Group Ethereal 0.9.0

  • Ethereal Group Ethereal 0.9.1

  • Ethereal Group Ethereal 0.9.2

  • Ethereal Group Ethereal 0.9.3

  • Ethereal Group Ethereal 0.9.4

  • Ethereal Group Ethereal 0.9.5

  • Ethereal Group Ethereal 0.9.6

  • Ethereal Group Ethereal 0.9.7

  • Ethereal Group Ethereal 0.9.8

  • Ethereal Group Ethereal 0.9.9


References

BID - 7049

MISC - http://www.guninski.com/etherre.html

CONFIRM - http://www.ethereal.com/appnotes/enpa-sa-00008.html

DEBIAN - DSA-258

XF - ethereal-socks-format-string(11497)

REDHAT - RHSA-2003:077

REDHAT - RHSA-2003:076

SUSE - SuSE-SA:2003:019

GENTOO - GLSA-200303-10

FULLDISC - 20030308 Ethereal format string bug, yet still ethereal much better than windows

MANDRAKE - MDKSA-2003:051

CONECTIVA - CLSA-2003:627


Last Updated: 27 May 2016 10:37:46