CVE-2003-0356

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.11 and earlier

Description: Multiple off-by-one vulnerabilities allow remote attackers to cause a denial of service and possibly execute arbitrary code via several dissectors, including AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP, which do not properly use the tvb get nstringz and tvb get nstringz0 functions.

Recommendations: For Ethereal versions 0.9.11 and earlier, consider disabling the affected dissectors until a patch is available. Restrict access to the vulnerable functions tvb get nstringz and tvb get nstringz0 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.