CVE-2005-0699

Current Description

Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.

Basic Data

PublishedMarch 08, 2005
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegetrue
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationEthereal GroupEthereal0.10.3*******
    2.3ApplicationEthereal GroupEthereal0.10.4*******
    2.3ApplicationEthereal GroupEthereal0.10.5*******
    2.3ApplicationEthereal GroupEthereal0.10.6*******
    2.3ApplicationEthereal GroupEthereal0.10.7*******
    2.3ApplicationEthereal GroupEthereal0.10.8*******
    2.3ApplicationEthereal GroupEthereal0.10.9*******
    2.3OSConectivaLinux9.0*******
    2.3OSConectivaLinux10.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSAltlinuxAlt Linuxcompact_2.3*******
    2.3OSAltlinuxAlt Linuxjunior_2.3*******
    2.3OSRedhatEnterprise Linux2.1*advanced_server*****
    2.3OSRedhatEnterprise Linux2.1*advanced_server_ia64*****
    2.3OSRedhatEnterprise Linux2.1*enterprise_server*****
    2.3OSRedhatEnterprise Linux2.1*enterprise_server_ia64*****
    2.3OSRedhatEnterprise Linux2.1*workstation*****
    2.3OSRedhatEnterprise Linux2.1*workstation_ia64*****
    2.3OSRedhatEnterprise Linux3.0*advanced_server*****
    2.3OSRedhatEnterprise Linux3.0*enterprise_server*****
    2.3OSRedhatEnterprise Linux3.0*workstation_server*****
    2.3OSRedhatEnterprise Linux4.0*advanced_server*****
    2.3OSRedhatEnterprise Linux4.0*enterprise_server*****
    2.3OSRedhatEnterprise Linux4.0*workstation*****
    2.3OSRedhatEnterprise Linux Desktop3.0*******
    2.3OSRedhatEnterprise Linux Desktop4.0*******
    2.3OSRedhatLinux Advanced Workstation2.1*ia64*****
    2.3OSRedhatLinux Advanced Workstation2.1*itanium_processor*****

Vulnerable Software List

VendorProductVersions
Altlinux Alt Linux compact_2.3, junior_2.3
Redhat Enterprise Linux 2.1, 3.0, 4.0
Redhat Enterprise Linux Desktop 3.0, 4.0
Redhat Linux Advanced Workstation 2.1
Conectiva Linux 10.0, 9.0
Ethereal Group Ethereal 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9

References

NameSourceURLTags
20050309 RE: Ethereal remote buffer overflow - addonhttp://marc.info/?l=bugtraq&m=111038641832400&w=2BUGTRAQ
20050314 Ethereal 0.10.9 and below remote root exploithttp://marc.info/?l=bugtraq&m=111083125521813&w=2BUGTRAQ
GLSA-200503-16http://security.gentoo.org/glsa/glsa-200503-16.xmlGENTOOPATCH Vendor Advisory
http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04MISC
http://www.ethereal.com/appnotes/enpa-sa-00018.htmlhttp://www.ethereal.com/appnotes/enpa-sa-00018.htmlCONFIRMExploit PATCH Vendor Advisory
MDKSA-2005:053http://www.mandriva.com/security/advisories?name=MDKSA-2005:053MANDRAKE
FLSA-2006:152922http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.htmlFEDORA
RHSA-2005:306http://www.redhat.com/support/errata/RHSA-2005-306.htmlREDHATPATCH Vendor Advisory
20050308 Ethereal remote buffer overflowhttp://www.securityfocus.com/archive/1/392659BUGTRAQExploit Vendor Advisory
12759http://www.securityfocus.com/bid/12759BIDExploit PATCH Vendor Advisory
oval:org.mitre.oval:def:10147https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10147OVAL