CVE-2003-0432

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
http://secunia.com/advisories/9007
http://www.debian.org/security/2003/dsa-324	Patch Vendor Advisory
http://www.ethereal.com/appnotes/enpa-sa-00010.html	Patch Vendor Advisory URL Repurposed
http://www.redhat.com/support/errata/RHSA-2003-077.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106

Configurations

Configuration 1 (hide)

cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(CONFIRM) http://www.ethereal.com/appnotes/enpa-sa-00010.html - Patch, Vendor Advisory~~	(CONFIRM) http://www.ethereal.com/appnotes/enpa-sa-00010.html - Patch, Vendor Advisory, URL Repurposed

Information

Published : 2003-07-24 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2003-0432

Mitre link : CVE-2003-0432

CVE.ORG link : CVE-2003-0432

JSON object : View

Products Affected

ethereal_group

ethereal

CWE

NVD-CWE-Other

{"id": "CVE-2003-0432", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-07-24T04:00:00.000", "references": [{"url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt", "source": "cve@mitre.org"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/9007", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2003/dsa-324", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "tags": ["Patch", "Vendor Advisory", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-077.html", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors."}, {"lang": "es", "value": "Ethereal 0.9.12 y anteriores no maneja ciertas cadenas adecuadamente, con consecuencias desconocidas, en los disectores (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1F00E28-CBCD-44DC-A884-940388DCCBD5", "versionEndIncluding": "0.9.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}