CVE-2003-0430
https://notcve.org/view.php?id=CVE-2003-0430
The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.
• ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
• http://secunia.com/advisories/9007
• http://www.ethereal.com/appnotes/enpa-sa-00010.html
• http://www.redhat.com/support/errata/RHSA-2003-077.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A88
• https://access.redhat.com/security/cve/CVE-2003-0430
• https://bugzilla.redhat.com/show_bug.cgi?id=1617029
CVE-2003-0431
https://notcve.org/view.php?id=CVE-2003-0431
The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.
• ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
• http://secunia.com/advisories/9007
• http://www.debian.org/security/2003/dsa-324
• http://www.ethereal.com/appnotes/enpa-sa-00010.html
• http://www.redhat.com/support/errata/RHSA-2003-077.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A101
• https://access.redhat.com/security/cve/CVE-2003-0431
• https://bugzilla
CVE-2003-0429
https://notcve.org/view.php?id=CVE-2003-0429
The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.
• ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
• http://secunia.com/advisories/9007
• http://www.debian.org/security/2003/dsa-324
• http://www.ethereal.com/appnotes/enpa-sa-00010.html
• http://www.redhat.com/support/errata/RHSA-2003-077.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A84
• https://access.redhat.com/security/cve/CVE-2003-0429
• https://bugzilla
CVE-2003-0432
https://notcve.org/view.php?id=CVE-2003-0432
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.
• ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
• http://secunia.com/advisories/9007
• http://www.debian.org/security/2003/dsa-324
• http://www.ethereal.com/appnotes/enpa-sa-00010.html
• http://www.redhat.com/support/errata/RHSA-2003-077.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106
• https://access.redhat.com/security/cve/CVE-2003-0432
• https://bugzilla
CVE-2003-0356
https://notcve.org/view.php?id=CVE-2003-0356
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.
• http://www.debian.org/security/2003/dsa-313
• http://www.ethereal.com/appnotes/enpa-sa-00009.html
• http://www.kb.cert.org/vuls/id/641013
• http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
• http://www.redhat.com/support/errata/RHSA-2003-077.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69
• https://access.redhat.com/security/cve/CVE-2003-0356
• https://bugzilla.redhat.com/show_bug.cgi?id=1617020
• CWE-193: Off-by-one Error