CVE-2005-2367

Published: 10/08/2005 Updated: 14/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 up to and including 0.10.11, as used in multiple dissectors, allows remote malicious users to write to arbitrary memory locations and gain privileges via a crafted AFP packet.

Vulnerable Product

ethereal group ethereal 0.10.1

ethereal group ethereal 0.9.6

ethereal group ethereal 0.10.10

ethereal group ethereal 0.9.5

ethereal group ethereal 0.10.2

ethereal group ethereal 0.9.14

ethereal group ethereal 0.9.15

ethereal group ethereal 0.9.10

ethereal group ethereal 0.9.8

ethereal group ethereal 0.10.3

ethereal group ethereal 0.10.4

ethereal group ethereal 0.10.7

ethereal group ethereal 0.9.16

ethereal group ethereal 0.10.11

ethereal group ethereal 0.10.5

ethereal group ethereal 0.10.0

ethereal group ethereal 0.9.13

ethereal group ethereal 0.9.9

ethereal group ethereal 0.9.11

ethereal group ethereal 0.9.7

ethereal group ethereal 0.9.4

ethereal group ethereal 0.10.6

ethereal group ethereal 0.10.8

ethereal group ethereal 0.10.9

ethereal group ethereal 0.9.12

Vendor Advisories

Synopsis: ethereal security update. Type/Severity: Security Advisory: Moderate. Topic: Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Description: The ethereal ...

Several security problems have been discovered in ethereal, a commonly used network traffic analyser. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-2360: Memory allocation errors in the LDAP dissector can cause a denial of service. CAN-2005-2361: Various errors in the AgentX, PER, DOCSIS, RA ...

Exploits

/*[ ethereal[v010*]: (AFP) remote format string exploit ] ********* * * by: vade79/v9 v9@fakehalous (fakehalo/realhalo) * * compile: * gcc xethereal-afp-fmtc -o xethereal-afp-fmt * * ethereal homepage/url: * wwwetherealcom * * syntax: * /xethereal-afp-fmt [-spSrPanc] -h host * * vulnerable versions: * v0100 to v01011 (v09* and ...