Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0356

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-0356
Last Modified 10 Sep 2008 03:18:43
Published 09 Jun 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0356

Summary

Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.

Vulnerable Systems

Application

  • Ethereal Group Ethereal 0.9.11


References

CERT-VN - VU#641013

CONFIRM - http://www.ethereal.com/appnotes/enpa-sa-00009.html

DEBIAN - DSA-313

REDHAT - RHSA-2003:077

MANDRAKE - MDKSA-2003:067


Last Updated: 27 May 2016 10:37:52