Alias(es)Ethereal.Dissector.Slimp3.Buffer.Overflow, Ethereal.Dissector.SRVLOC.Buffer.Overflow.TCP, Ethereal.Dissector.SRVLOC.Buffer.Overflow.UDP, Ethereal.Dissector.Agentx.Buffer.Overflow |
Release DateOct 19, 2005 |
Severitylow |
ImpactCompromised of the affected system. |
DescriptionIt indicates a possible exploit of multiple vulnerabilities in Ethereal, which could be exploited by attackers to execute arbitrary commands or cause a denial of service. This is due to memory corruption, null pointer dereference, and buffer overflow errors in the ISAKMP, FC-FCS, RSVP, ISIS LSP, IrDA, SLIMP3, BER, SCSI, ONC RPC, sFlow, RTnet, SMB, X11, AgentX, WSP, NCP, ACSE and SRVLOC dissectors, which could be exploited by attackers to crash or compromise a vulnerable system. |
Affected ProductsEthereal Group Ethereal 0.10.12, 0.10.11 and 0.10.10 |
Recommended ActionsUpgrade to Ethereal Group Ethereal 0.10.13 or later |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2005-3245CVE-2005-3247 CVE-2005-3242 CVE-2005-3184 CVE-2005-3249 CVE-2005-3241 CVE-2005-3246 CVE-2005-3244 CVE-2005-3248 CVE-2005-3243 |
Reference/shttp://www.securityfocus.com/bid/15158 (BugTraq)http://www.securityfocus.com/bid/15148 (BugTraq) http://www.frsirt.com/english/advisories/2005/2148 (FrSIRT) |
