CVE-2003-0356
First published: Fri May 30 2003(Updated: )
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ethereal Group Ethereal | <=0.9.11 | |
| Ethereal Ethereal | <0.9.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ethereal.com/appnotes/enpa-sa-00009.html
- http://www.debian.org/security/2003/dsa-313
- http://www.kb.cert.org/vuls/id/641013
- http://www.redhat.com/support/errata/RHSA-2003-077.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:067
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/author
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/ethereal group
- canonical/ethereal group ethereal
- version/ethereal group ethereal/0.9.11
- vendor/ethereal
- canonical/ethereal ethereal