CVE-2003-0432

Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.ethereal.com/appnotes/enpa-sa-00010.html	Patch Vendor Advisory
http://www.debian.org/security/2003/dsa-324	Patch Vendor Advisory
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt
http://secunia.com/advisories/9007
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662
http://www.redhat.com/support/errata/RHSA-2003-077.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106

Configurations

Configuration 1 (hide)

cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*

Information

Published : 2003-07-24 04:00

Updated : 2017-10-11 01:29

NVD link : CVE-2003-0432

Mitre link : CVE-2003-0432

JSON object : View

Products Affected

ethereal_group

ethereal

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "name": "http://www.ethereal.com/appnotes/enpa-sa-00010.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2003/dsa-324", "name": "DSA-324", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt", "name": "CSSA-2003-030.0", "tags": [], "refsource": "SCO"}, {"url": "http://secunia.com/advisories/9007", "name": "9007", "tags": [], "refsource": "SECUNIA"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662", "name": "CLA-2003:662", "tags": [], "refsource": "CONECTIVA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-077.html", "name": "RHSA-2003:077", "tags": [], "refsource": "REDHAT"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106", "name": "oval:org.mitre.oval:def:106", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0432", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-07-24T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.9.12"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}