CVE-2004-0633

Current Description

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

Basic Data

Published: December 06, 2004
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
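    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Ethereal Group | Ethereal | 0.10.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ethereal Group | Ethereal | 0.10.4 | * | * | * | * | * | * | * | | | | |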
  • OR - Configuration 2
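    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Gentoo | Linux | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Mandrakesoft | Mandrake Linux | 9.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | advanced_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | enterprise_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 2.1 | * | workstation | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | advanced_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | enterprise_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux | 3.0 | * | workstation_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Linux Advanced Workstation | 2.1 | * | as | * | * | * | * | * | | | | |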

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux | 2.1, 3.0 |
| Redhat | Linux Advanced Workstation | 2.1 |
| Mandrakesoft | Mandrake Linux | 10.0, 9.2 |
| Ethereal Group | Ethereal | 0.10.3, 0.10.4 |
| Gentoo | Linux | * |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381 | CONFIRM | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381 | |
| CLA-2005:916 | CONECTIVA | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 | |
| 12024 | SECUNIA | http://secunia.com/advisories/12024 | |
| 1010655 | SECTRACK | http://securitytracker.com/id?1010655 | |
| http://www.ethereal.com/appnotes/enpa-sa-00015.html | CONFIRM | http://www.ethereal.com/appnotes/enpa-sa-00015.html | |
| GLSA-200407-08 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml | Patch, Vendor Advisory |
| VU#829422 | CERT-VN | http://www.kb.cert.org/vuls/id/829422 | US Government Resource |
| MDKSA-2004:067 | MANDRAKE | http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067 | Patch, Vendor Advisory |
| FEDORA-2004-219 | FEDORA | http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00013.html | Patch, Vendor Advisory |
| FEDORA-2004-220 | FEDORA | http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00014.html | Patch, Vendor Advisory |
| RHSA-2004:378 | REDHAT | http://www.redhat.com/support/errata/RHSA-2004-378.html | |
| ethereal-isns-dos(16630) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/16630 | |
| oval:org.mitre.oval:def:9931 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9931 | |