CVE-2003-0081
Published 2003-03-18
CVE-2003-0081: Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via…
Priority P339 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 5.82% (92.2th percentile)
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethereal_group | ethereal | — | — |
CVSS provenance
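| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |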
Red Hat
security flaw
vendor_redhat·2003-03-08·CVSS 7.5
CVE-2003-0081 [HIGH] security flaw
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.
Red Hat
CVE-2005-1730: Multiple vulnerabilities in the OpenSSL ASN
vendor_redhat·CVSS 5.0
CVE-2005-1730 [MEDIUM] CVE-2005-1730: Multiple vulnerabilities in the OpenSSL ASN
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.
Statement: Based on our research we believe that the "OpenSSL ASN.1 brute forcer." is actually exploiting flaws CVE-2003-0543, CVE-2003-0544, CVE-2003-0545. Those issues are all addressed in Red Hat Enterprise Linux and therefore CVE-2005-1730 is a duplicate assignment.
GHSA
GHSA-jg8q-x5wr-cvjx: Format string vulnerability in packet-socks
ghsa_unreviewed·2022-04-29
CVE-2003-0081 [HIGH] GHSA-jg8q-x5wr-cvjx: Format string vulnerability in packet-socks
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2003-0081 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2003-0081 [HIGH] CVE-2003-0081 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.
Bugzilla
CAN-2003-0977 fix pushed for RH9, but not FC1
bugzilla·2004-03-20
[MEDIUM] CAN-2003-0977 fix pushed for RH9, but not FC1
Description of problem:
CAN-2003-0977 fix pushed for RH9, but not FC1
Version-Release number of selected component (if applicable):
cvs-1.11.5-3
Additional info:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111221#c5
https://rhn.redhat.com/errata/RHSA-2004-003.html
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977
Discussion:
A rebuild from cvs-1.11.11-1 (or higher) from Fedora Development
at Fedora Core 1 solves the problem, so maybe one of the Red Hat
maintainers could do that? Would be very nice :)
BTW: Maybe the kerberos 4 support has to be disabled.
---
Maybe that issue is fixed soon by one of
References
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051
http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html
http://www.debian.org/security/2003/dsa-258
http://www.ethereal.com/appnotes/enpa-sa-00008.html
http://www.guninski.com/etherre.html
http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html
http://www.novell.com/linux/security/advisories/2003_019_ethereal.html
http://www.redhat.com/support/errata/RHSA-2003-076.html
http://www.redhat.com/support/errata/RHSA-2003-077.html
http://www.securityfocus.com/bid/7049
https://exchange.xforce.ibmcloud.com/vulnerabilities/11497
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A54
Published: 2003-03-18