| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.5 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in Ethereal 0.9.11. Impacted is an unknown function of the component AIM/GIOP Grypthon/OSPF/PPTP/Quake/Quake2/Quake3/Rsync/SMB/SMPP/TSP Dissector. This manipulation causes off-by-one. The identification of this vulnerability is CVE-2003-0356. There is no exploit available. It is recommended to upgrade the affected component.
Details
A vulnerability was found in Ethereal 0.9.11 (Packet Analyzer Software). It has been declared as very critical. Affected by this vulnerability is some unknown processing of the component AIM/GIOP Grypthon/OSPF/PPTP/Quake/Quake2/Quake3/Rsync/SMB/SMPP/TSP Dissector. The manipulation with an unknown input leads to a off-by-one vulnerability. The CWE definition for the vulnerability is CWE-193. A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.
The weakness was shared 06/09/2003 by Timo Sirainen as confirmed advisory (CERT.org). The advisory is shared at kb.cert.org. This vulnerability is known as CVE-2003-0356 since 05/29/2003. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 12/15/2024).
The vulnerability scanner Nessus provides a plugin with the ID 14050 (Mandrake Linux Security Advisory : ethereal (MDKSA-2003:067)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Mandriva Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 115007 (Red Hat Ethereal Multiple Security Vulnerabilities).
Upgrading eliminates this vulnerability. A possible mitigation has been published 1 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (12037), Tenable (14050), SecurityFocus (BID 7493†) and Vulnerability Center (SBV-6714†). The entries VDB-102, VDB-20200, VDB-20316 and VDB-20510 are related to this item. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Name
Version
License
Support
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.5
VulDB Base Score: 10.0
VulDB Temp Score: 9.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Off-by-oneCWE: CWE-193 / CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 14050
Nessus Name: Mandrake Linux Security Advisory : ethereal (MDKSA-2003:067)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 53602
OpenVAS Name: Debian Security Advisory DSA 313-1 (ethereal)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
05/01/2003 🔍05/03/2003 🔍
05/29/2003 🔍
06/09/2003 🔍
06/09/2003 🔍
06/16/2003 🔍
07/31/2004 🔍
01/03/2005 🔍
08/11/2014 🔍
12/15/2024 🔍
Sources
Advisory: kb.cert.orgResearcher: Timo Sirainen
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2003-0356 (🔍)
GCVE (CVE): GCVE-0-2003-0356
GCVE (VulDB): GCVE-100-20509
OVAL: 🔍
CERT: 🔍
X-Force: 12037
SecurityFocus: 7493 - Ethereal Multiple Dissector One Byte Buffer Overflow Vulnerabilities
Vulnerability Center: 6714 - DoS in Ethereal Group Ethereal 0.8, 0.8.18, 0.9 - 0.9.11 via Multiple Packet Dissectors, Medium
See also: 🔍
Entry
Created: 08/12/2014 00:54Updated: 12/15/2024 22:41
Changes: 08/12/2014 00:54 (76), 05/28/2019 21:08 (4), 12/15/2024 22:41 (16)
Complete: 🔍
Cache ID: 216:E57:103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.