CVE-2004-0504
Published 2004-08-18
CVE-2004-0504: Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
Priority P4 · 14 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.71% (84.2th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| ethereal_group | ethereal | — | — |
| sgi | propack | — | — |
| sgi | propack | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat · 5.0 MEDIUM
GHSA
GHSA-gv25-rf7q-whjp: Ethereal 0
ghsa_unreviewed·2022-05-03
CVE-2004-0504 [MEDIUM] GHSA-gv25-rf7q-whjp: Ethereal 0
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
Red Hat
security flaw
vendor_redhat·2004-05-03·CVSS 5.0
CVE-2004-0504 [MEDIUM] security flaw
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0504 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2004-0504 [MEDIUM] CVE-2004-0504 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
Bugzilla
CAN-2004-0504/5/6/7 Ethereal 0.10.4 contains security fixes
bugzilla·2004-05-27
[MEDIUM] CAN-2004-0504/5/6/7 Ethereal 0.10.4 contains security fixes
Issues have been discovered in the following protocol dissectors:
* A SIP packet could make Ethereal crash under specific conditions, as described in the following message: http://www.ethereal.com/lists/ethereal-users/200405/msg00018.html (0.10.3).
* The AIM dissector could throw an assertion, causing Ethereal to terminate abnormally (0.10.3).
* It was possible for the SPNEGO dissector to dereference a null pointer, causing a crash (0.9.8 to 0.10.3).
* The MMSE dissector was susceptible to a buffer overflow. (0.10.1 to 0.10.3).
Note date on ethereal advisory states "March 22nd" but this is incorrect, it should be "May 13th" (mailed Gerald with correction).
CVE names applied for.
Discussion:
CAN-2004-0504/5/6/7
---
*** Bug 1
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916
http://secunia.com/advisories/11608
http://secunia.com/advisories/11776
http://secunia.com/advisories/11836
http://security.gentoo.org/glsa/glsa-200406-01.xml
http://securitytracker.com/id?1010158
http://www.ciac.org/ciac/bulletins/o-150.shtml
http://www.ethereal.com/appnotes/enpa-sa-00014.html
http://www.ethereal.com/lists/ethereal-users/200405/msg00018.html
http://www.osvdb.org/6131
http://www.redhat.com/support/errata/RHSA-2004-234.html
http://www.securityfocus.com/bid/10347
https://exchange.xforce.ibmcloud.com/vulnerabilities/16148
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9769
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A982
2004-08-18
Published