PT-2005-1774 · Ethereal+1 · Ethereal+1
Leon Juranic · Published 2005-03-13 · Updated 2024-02-14 · CVE-2005-0739
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Ethereal versions 0.9.1 through 0.10.9
Description
The issue is in the IAPP dissector in Ethereal, which does not properly handle string formatting. This could lead to buffer overflows, particularly when dealing with modified length values that are not correctly processed by the `dissect_pdus` and `pduval_to_str` functions.
Recommendations
For Ethereal versions 0.9.1 through 0.10.9, consider restricting the use of the IAPP dissector until a fix is available. As a temporary workaround, avoid using the `dissect_pdus` and `pduval_to_str` functions in the IAPP dissector to minimize the risk of buffer overflows.
Exploit
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Ethereal
Red Hat