Vulnerability Name:

CVE-2004-0365 (CCN-15571)

Assigned:2004-03-18
Published:2004-03-18
Updated:2017-10-11
Summary:The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2004-0365

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:835

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:835
ethereal

Source: BUGTRAQ
Type: UNKNOWN
20040329 LNSA-#2004-0007: Multiple security problems in Ethereal

Source: BUGTRAQ
Type: UNKNOWN
20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)

Source: MLIST
Type: UNKNOWN
[ethereal-dev] 20040318 ethereal radius dissector vulnerability

Source: CCN
Type: RHSA-2004-136
ethereal security update

Source: CCN
Type: RHSA-2004-137
Updated Ethereal packages fix security issues

Source: CCN
Type: SA11185
Ethereal Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
11185

Source: GENTOO
Type: Vendor Advisory
GLSA-200403-07

Source: CCN
Type: CIAC Information Bulletin 0-105
Multiple Vulnerabilities in Ethereal 0.10.2

Source: CCN
Type: Ethereal Web site
The Ethereal Network Analyzer

Source: CCN
Type: Ethereal Application Note enpa-sa-00013
Multiple security problems in Ethereal 0.10.2

Source: CONFIRM
Type: UNKNOWN
http://www.ethereal.com/appnotes/enpa-sa-00013.html

Source: CCN
Type: GLSA-200403-07
Multiple remote overflows and vulnerabilities in Ethereal

Source: CCN
Type: US-CERT VU#124454
Ethereal crashes when processing malformed RADIUS packets

Source: CERT-VN
Type: US Government Resource
VU#124454

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:024

Source: CCN
Type: OpenPKG-SA-2004.015
ethereal

Source: REDHAT
Type: UNKNOWN
RHSA-2004:136

Source: REDHAT
Type: UNKNOWN
RHSA-2004:137

Source: XF
Type: UNKNOWN
ethereal-radius-dos(15571)

Source: XF
Type: UNKNOWN
ethereal-radius-dos(15571)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:879

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:891

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9196

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ethereal_group:ethereal:0.8.13:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.8.14:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.8.18:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.8.19:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040365
    V
    CVE-2004-0365
    2015-11-16
    oval:org.mitre.oval:def:9196
    V
    The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
    2013-04-29
    oval:org.mitre.oval:def:879
    V
    Red Hat Ethereal Denial of Service via Malformed RADIUS Packet
    2007-04-25
    oval:org.mitre.oval:def:891
    V
    Red Hat Enterprise 3 Ethereal Denial of Service via Malformed RADIUS Packet
    2007-04-25
    oval:com.redhat.rhsa:def:20040136
    P
    RHSA-2004:136: ethereal security update (Moderate)
    2004-03-30
    BACK
    ethereal_group ethereal 0.8.13
    ethereal_group ethereal 0.8.14
    ethereal_group ethereal 0.8.18
    ethereal_group ethereal 0.8.19
    ethereal_group ethereal 0.9
    ethereal_group ethereal 0.9.1
    ethereal_group ethereal 0.9.2
    ethereal_group ethereal 0.9.3
    ethereal_group ethereal 0.9.4
    ethereal_group ethereal 0.9.5
    ethereal_group ethereal 0.9.6
    ethereal_group ethereal 0.9.7
    ethereal_group ethereal 0.9.8
    ethereal_group ethereal 0.9.9
    ethereal_group ethereal 0.9.10
    ethereal_group ethereal 0.9.11
    ethereal_group ethereal 0.9.12
    ethereal_group ethereal 0.9.13
    ethereal_group ethereal 0.9.14
    ethereal_group ethereal 0.9.15
    ethereal_group ethereal 0.9.16
    ethereal_group ethereal 0.10
    ethereal_group ethereal 0.10.1
    ethereal_group ethereal 0.10.2