FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

multiple vulnerabilities in ethereal

Affected packages
ethereal < 0.10.3
tethereal < 0.10.3

Details

VuXML ID cdf18ed9-7f4a-11d8-9645-0020ed76ef5a
Discovery 2004-03-23
Entry 2004-03-26
Modified 2004-07-11

Stefan Esser of e-matters Security discovered a baker's dozen of buffer overflows in Ethereal's decoders, including:

In addition, a vulnerability in the RADIUS decoder was found by Jonathan Heusser.

Finally, there is one uncredited vulnerability described by the Ethereal team as:

A zero-length Presentation protocol selector could make Ethereal crash.

References

Bugtraq ID 9952
CERT/CC Vulnerability Note 119876
CERT/CC Vulnerability Note 124454
CERT/CC Vulnerability Note 125156
CERT/CC Vulnerability Note 433596
CERT/CC Vulnerability Note 591820
CERT/CC Vulnerability Note 644886
CERT/CC Vulnerability Note 659140
CERT/CC Vulnerability Note 695486
CERT/CC Vulnerability Note 740188
CERT/CC Vulnerability Note 792286
CERT/CC Vulnerability Note 864884
CERT/CC Vulnerability Note 931588
CVE Name CVE-2004-0176
CVE Name CVE-2004-0365
CVE Name CVE-2004-0367
URL http://secunia.com/advisories/11185
URL http://security.e-matters.de/advisories/032004.html
URL http://www.ethereal.com/appnotes/enpa-sa-00013.html
URL http://www.osvdb.org/4462
URL http://www.osvdb.org/4463
URL http://www.osvdb.org/4464