National Cyber Awareness System

Vulnerability Summary for CVE-2004-0176

Overview

Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.

Impact

CVSS Severity (version 2.0 incomplete approximation):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#931588

Name: VU#931588

Hyperlink:http://www.kb.cert.org/vuls/id/931588

US-CERT Vulnerability Note: VU#864884

Name: VU#864884

Hyperlink:http://www.kb.cert.org/vuls/id/864884

US-CERT Vulnerability Note: VU#740188

Name: VU#740188

Hyperlink:http://www.kb.cert.org/vuls/id/740188

US-CERT Vulnerability Note: VU#659140

Name: VU#659140

Hyperlink:http://www.kb.cert.org/vuls/id/659140

US-CERT Vulnerability Note: VU#644886

Name: VU#644886

Hyperlink:http://www.kb.cert.org/vuls/id/644886

US-CERT Vulnerability Note: VU#591820

Name: VU#591820

Hyperlink:http://www.kb.cert.org/vuls/id/591820

US-CERT Vulnerability Note: VU#433596

Name: VU#433596

Hyperlink:http://www.kb.cert.org/vuls/id/433596

US-CERT Vulnerability Note: VU#125156

Name: VU#125156

Hyperlink:http://www.kb.cert.org/vuls/id/125156

US-CERT Vulnerability Note: VU#119876

Name: VU#119876

Hyperlink:http://www.kb.cert.org/vuls/id/119876

External Source: DEBIAN

Name: DSA-511

Type: Advisory; Patch Information

Hyperlink:http://www.debian.org/security/2004/dsa-511

External Source: BUGTRAQ

Name: 20040329 LNSA-#2004-0007: Multiple security problems in Ethereal

Type: Advisory; Patch Information

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=108058005324316&w=2

External Source: XF

Name: ethereal-multiple-dissectors-bo(15569)

Type: Advisory

Hyperlink:http://xforce.iss.net/xforce/xfdb/15569

External Source: REDHAT

Name: RHSA-2004:137

Hyperlink:http://www.redhat.com/support/errata/RHSA-2004-137.html

External Source: REDHAT

Name: RHSA-2004:136

Hyperlink:http://www.redhat.com/support/errata/RHSA-2004-136.html

External Source: CONFIRM

Name: http://www.ethereal.com/appnotes/enpa-sa-00013.html

Hyperlink:http://www.ethereal.com/appnotes/enpa-sa-00013.html

External Source: GENTOO

Name: GLSA-200403-07

Hyperlink:http://security.gentoo.org/glsa/glsa-200403-07.xml

External Source: MISC

Name: http://security.e-matters.de/advisories/032004.html

Hyperlink:http://security.e-matters.de/advisories/032004.html

External Source: SECUNIA

Name: 11185

Hyperlink:http://secunia.com/advisories/11185

External Source: OVAL

Name: oval:org.mitre.oval:def:10187

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10187

External Source: BUGTRAQ

Name: 20040323 Advisory 03/2004: Multiple (13) Ethereal remote overflows

Type: Advisory

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=108007072215742&w=2

External Source: OSVDB

Name: 6893

Hyperlink:http://www.osvdb.org/6893

External Source: MANDRAKE

Name: MDKSA-2004:024

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2004:024

External Source: BUGTRAQ

Name: 20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=108213710306260&w=2

External Source: CONECTIVA

Name: CLA-2004:835

Hyperlink:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835

US Government Resource: oval:org.mitre.oval:def:887

Name: oval:org.mitre.oval:def:887

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:887

US Government Resource: oval:org.mitre.oval:def:878

Name: oval:org.mitre.oval:def:878

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:878

References to Check Content

Identifier:oval:org.mitre.oval:def:878

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:878

Identifier:oval:org.mitre.oval:def:10187

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10187

Identifier:oval:org.mitre.oval:def:887

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:887