Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2005-0739

Published: 02/05/2005 Updated: 14/02/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.

Vulnerable Product Search on Vulmon Subscribe to Product

ethereal group ethereal

Vendor Advisories

Red Hat: ethereal security update
Synopsis ethereal security update Type/Severity Security Advisory: Moderate Topic Updated Ethereal packages that fix various security vulnerabilities are nowavailableThis update has been rated as having moderate security impact by the Red HatSecurity Response Team Description The ethereal ...
Debian Security Advisories: DSA-718-2 ethereal -- buffer overflow
[ This version lists the correct packages in the packages section ] A buffer overflow has been detected in the IAPP dissector of Ethereal, a commonly used network traffic analyser A remote attacker may be able to overflow a buffer using a specially crafted packet More problems have been discovered which don't apply to the version in woody but ...

Exploits

Exploit DB: Ethereal 0.10.9 (Windows) - '3G-A11' Remote Buffer Overflow
/* * * Ethereal IAPP remote buffer overflow #2 PoC exploit * --------------------------------------------------- * To test this vulnerability on windows, try to send 3-10 packets * that will trigger the crash, and scroll between captured packets * in Ethereal * * Coded by Leon Juranic <ljuranic@lsshr> * LSS Security <http:/ ...

References

CWE-189http://www.ethereal.com/appnotes/enpa-sa-00018.htmlhttp://www.debian.org/security/2005/dsa-718http://www.gentoo.org/security/en/glsa/glsa-200503-16.xmlhttp://www.redhat.com/support/errata/RHSA-2005-306.htmlhttp://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.htmlhttp://www.securityfocus.com/bid/12762http://security.lss.hr/index.php?page=details&ID=LSS-2005-03-05http://anonsvn.ethereal.com/viewcvs/viewcvs.py?view=rev&rev=13707http://www.mandriva.com/security/advisories?name=MDKSA-2005:053http://marc.info/?l=bugtraq&m=111066805726551&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9687https://access.redhat.com/errata/RHSA-2005:306https://nvd.nist.govhttps://www.exploit-db.com/exploits/874/https://www.debian.org/security/./dsa-718
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710arbitrary CVE-2024-5272CVE-2024-2961brute forceremoteCVE-2024-32944CVE-2024-36241CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook