Ethereal Group Ethereal vulnerabilities

CVE-2005-0705 [MEDIUM] CVE-2005-0705: The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enable The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled. allows remote attackers to cause a denial of service (application crash).

CVE-2005-0739 [MEDIUM] CWE-189 CVE-2005-0739: The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routin The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.

CVE-2005-0010 [MEDIUM] CVE-2005-0010: Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attacker Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory.

CVE-2005-1281 [MEDIUM] CVE-2005-1281: Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) vi Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.

CVE-2005-0765 [MEDIUM] CVE-2005-0765: Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a de Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash).

CVE-2005-0699 [HIGH] CVE-2005-0699: Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (pac Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.

CVE-2004-1140 [MEDIUM] CVE-2004-1140: Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp.

CVE-2004-1141 [MEDIUM] CVE-2004-1141: The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of se The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory.

CVE-2004-1761 [MEDIUM] CVE-2004-1761: Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (se Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file.

CVE-2004-1145 [MEDIUM] CVE-2004-1145: Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java c Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

CVE-2004-1142 [MEDIUM] CVE-2004-1142: Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

CVE-2004-1139 [MEDIUM] CVE-2004-1139: Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attacke Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

CVE-2004-0634 [MEDIUM] CVE-2004-0634: The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a deni The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

CVE-2004-0633 [MEDIUM] CVE-2004-0633: The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of s The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

CVE-2004-0635 [MEDIUM] CVE-2004-0635: The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of se The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.

CVE-2004-0507 [CRITICAL] CVE-2004-0507: Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2004-0506 [MEDIUM] CVE-2004-0506: The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of servic The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.

CVE-2004-0505 [MEDIUM] CVE-2004-0505: The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert er The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.

CVE-2004-0504 [MEDIUM] CVE-2004-0504: Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP message Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.

CVE-2004-0367 [MEDIUM] CVE-2004-0367: Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-le Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector.