PT-2005-1774 · Ethereal+1
Leon Juranic · Published 2005-03-13 · Updated 2024-02-14 · CVE-2005-0739
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Ethereal versions 0.9.1 through 0.10.9
Description
The issue is related to the IAPP dissector in Ethereal, which does not properly handle string formatting. This could lead to buffer overflows, particularly when dealing with modified length values that are not correctly processed by the dissect_pdus and pduval_to_str functions.
Recommendations
For Ethereal versions 0.9.1 through 0.10.9, consider restricting the use of the IAPP dissector until a fix is available. As a temporary workaround, avoid using the dissect_pdus and pduval_to_str functions in the IAPP dissector to minimize the risk of buffer overflows.
Exploit
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Ethereal
Red Hat
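
The Description above concerns string formatting driven by a length value taken from the packet. The following is an added example, not Ethereal's code: it shows the defensive pattern for that bug class, checking the length field against the captured bytes and bounding every formatted write. The type/length/value layout and the names value_to_str and walk_pdus are assumptions for illustration, not the IAPP wire format or the dissector's functions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Render a PDU value as hex into out[outsz]. Each write is bounded by the
 * space left, so a long value is truncated, never written past the buffer.
 * Returns the number of value bytes rendered; out is always NUL-terminated. */
static size_t value_to_str(const uint8_t *val, size_t len, char *out, size_t outsz)
{
    size_t used = 0, i;
    if (outsz == 0)
        return 0;
    out[0] = '\0';
    for (i = 0; i < len && outsz - used >= 3; i++)   /* 2 hex digits + NUL */
        used += (size_t)snprintf(out + used, outsz - used, "%02x", val[i]);
    return i;
}

/* Walk PDUs in the assumed layout: type(1) | length(2, big endian) | value.
 * Returns the PDU count, or -1 when a length field claims more bytes than
 * the capture holds. The text of the last value is left in last[]. */
static int walk_pdus(const uint8_t *buf, size_t buflen, char *last, size_t lastsz)
{
    size_t off = 0;
    int count = 0;
    while (buflen - off >= 3) {
        size_t len = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        off += 3;
        if (len > buflen - off)
            return -1;               /* length field not backed by data */
        value_to_str(buf + off, len, last, lastsz);
        off += len;
        count++;
    }
    return count;
}

/* Constructed samples: a well-formed PDU, and one whose length field (0x0400)
 * is far larger than the two value bytes actually present. */
static const uint8_t sample_ok[]  = { 0x01, 0x00, 0x02, 0xab, 0xcd };
static const uint8_t sample_bad[] = { 0x01, 0x04, 0x00, 0xab, 0xcd };

int main(void)
{
    char text[8];
    int ok = walk_pdus(sample_ok, sizeof sample_ok, text, sizeof text);
    printf("ok=%d last=%s ", ok, text);
    printf("bad=%d\n", walk_pdus(sample_bad, sizeof sample_bad, text, sizeof text));
    return 0;
}
```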