CVE-2003-0432
https://notcve.org/view.php?id=CVE-2003-0432
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors. Ethereal 0.9.12 y anteriores no maneja ciertas cadenas adecuadamente, con consecuencias desconocidas, en los disectores (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI. • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662 http://secunia.com/advisories/9007 http://www.debian.org/security/2003/dsa-324 http://www.ethereal.com/appnotes/enpa-sa-00010.html http://www.redhat.com/support/errata/RHSA-2003-077.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106 https://access.redhat.com/security/cve/CVE-2003-0432 https://bugzilla •
CVE-2003-0357
https://notcve.org/view.php?id=CVE-2003-0357
Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors. Múltiples vulnerabilidades de desbordamiento de búfer en Ethereal 0.9.11 y anteriores permiten que atacantes remotos provoquen una denegación de servicio y posiblemente ejecuten código arbitrario mediante los disectores (1) Mount y (2) PPP • http://rhn.redhat.com/errata/RHSA-2003-077.html http://www.debian.org/security/2003/dsa-313 http://www.ethereal.com/appnotes/enpa-sa-00009.html http://www.kb.cert.org/vuls/id/232164 http://www.kb.cert.org/vuls/id/361700 http://www.mandriva.com/security/advisories?name=MDKSA-2003:067 http://www.securityfocus.com/bid/7494 http://www.securityfocus.com/bid/7495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A73 https://access& •
CVE-2003-0356
https://notcve.org/view.php?id=CVE-2003-0356
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions. Múltiples vulnerabilidades off-by-one en Ethereal 0.9.11 y anteriores permiten que atacantes remotos provoquen una denegación de servicio y posiblemente ejecuten código arbitrario mediante disectores (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, y (11) TSP, ya que no están usando apropiadamente las funciones tvb_get_nstringz y tvb_get_nstringz0. • http://www.debian.org/security/2003/dsa-313 http://www.ethereal.com/appnotes/enpa-sa-00009.html http://www.kb.cert.org/vuls/id/641013 http://www.mandriva.com/security/advisories?name=MDKSA-2003:067 http://www.redhat.com/support/errata/RHSA-2003-077.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69 https://access.redhat.com/security/cve/CVE-2003-0356 https://bugzilla.redhat.com/show_bug.cgi?id=1617020 • CWE-193: Off-by-one Error •
CVE-2003-0159
https://notcve.org/view.php?id=CVE-2003-0159
Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. • http://marc.info/?l=bugtraq&m=104741640924709&w=2 http://www.ethereal.com/appnotes/enpa-sa-00008.html http://www.mandriva.com/security/advisories?name=MDKSA-2003:051 http://www.novell.com/linux/security/advisories/2003_019_ethereal.html http://www.redhat.com/support/errata/RHSA-2003-077.html http://www.securityfocus.com/bid/7050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A55 https://access.redhat.com/security/cve/CVE-2003-0159 https: •
CVE-2003-0081
https://notcve.org/view.php?id=CVE-2003-0081
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051 http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html http://www.debian.org/security/2003/dsa-258 http://www.ethereal.com/appnotes/enpa-sa-00008.html http://www.guninski.com/etherre.html http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html http://www.novell.com/linux/security/advisories/2003_019_ethereal.html http://www.redhat.com •