Vulnerability Name:

CVE-2006-1937 (CCN-26007)

Assigned:2006-04-24
Published:2006-04-24
Updated:2017-10-11
Summary:Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: SGI
Type: UNKNOWN
20060501-01-U

Source: MITRE
Type: CNA
CVE-2006-1937

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:010

Source: CCN
Type: RHSA-2006-0420
ethereal security update

Source: CCN
Type: SA19769
Ethereal Multiple Protocol Dissector Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
19769

Source: SECUNIA
Type: Vendor Advisory
19805

Source: SECUNIA
Type: Vendor Advisory
19828

Source: SECUNIA
Type: Vendor Advisory
19839

Source: SECUNIA
Type: Vendor Advisory
19958

Source: SECUNIA
Type: Vendor Advisory
19962

Source: SECUNIA
Type: Vendor Advisory
20117

Source: SECUNIA
Type: Vendor Advisory
20210

Source: CCN
Type: SA20944
Avaya Products Ethereal Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
20944

Source: CCN
Type: SECTRACK ID: 1015985
Ethereal Bugs in Multipe Dissectors Lets Remote Users Execute Arbitrary Code and Remote Deny Service

Source: SECTRACK
Type: UNKNOWN
1015985

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm

Source: CCN
Type: ASA-2006-128
ethereal security update (RHSA-2006-0420)

Source: DEBIAN
Type: UNKNOWN
DSA-1049

Source: DEBIAN
Type: DSA-1049
ethereal -- several vulnerabilities

Source: CCN
Type: Ethereal Web site
Ethereal: A Network Protocol Analyzer

Source: CCN
Type: Ethereal Security Advisory enpa-sa-00023
Multiple problems in Ethereal versions 0.8.5 to 0.10.14

Source: CONFIRM
Type: Patch
http://www.ethereal.com/appnotes/enpa-sa-00023.html

Source: CCN
Type: GLSA-200604-17
Ethereal: Multiple vulnerabilities in protocol dissectors

Source: GENTOO
Type: UNKNOWN
GLSA-200604-17

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:077

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-456

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-461

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0420

Source: BID
Type: UNKNOWN
17682

Source: CCN
Type: BID-17682
Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0

Source: VUPEN
Type: Vendor Advisory
ADV-2006-1501

Source: XF
Type: UNKNOWN
ethereal-h248-dissector-dos(26007)

Source: XF
Type: UNKNOWN
ethereal-h248-dissector-dos(26007)

Source: XF
Type: UNKNOWN
ethereal-x509if-dissector-dos(26009)

Source: XF
Type: UNKNOWN
ethereal-srvloc-dos(26010)

Source: XF
Type: UNKNOWN
ethereal-h245-dos(26011)

Source: XF
Type: UNKNOWN
ethereal-statistics-counter-dos(26015)

Source: XF
Type: UNKNOWN
ethereal-general-dissector-dos(26018)

Source: XF
Type: UNKNOWN
ethereal-aim-dos(26019)

Source: XF
Type: UNKNOWN
ethereal-h248-dos(26031)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10323

Source: SUSE
Type: SUSE-SR:2006:010
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.0a:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.4:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.6:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.7:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.8:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.9:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.10:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.11:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.12:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.13:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-1937 (CCN-26009)

    Assigned:2006-04-24
    Published:2006-04-24
    Updated:2006-04-24
    Summary:Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2006-1937

    Source: CCN
    Type: RHSA-2006-0420
    ethereal security update

    Source: CCN
    Type: SA19769
    Ethereal Multiple Protocol Dissector Vulnerabilities

    Source: CCN
    Type: SA20944
    Avaya Products Ethereal Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1015985
    Ethereal Bugs in Multipe Dissectors Lets Remote Users Execute Arbitrary Code and Remote Deny Service

    Source: CCN
    Type: ASA-2006-128
    ethereal security update (RHSA-2006-0420)

    Source: DEBIAN
    Type: DSA-1049
    ethereal -- several vulnerabilities

    Source: CCN
    Type: Ethereal Web site
    Ethereal: A Network Protocol Analyzer

    Source: CCN
    Type: Ethereal Security Advisory enpa-sa-00023
    Multiple problems in Ethereal versions 0.8.5 to 0.10.14

    Source: CCN
    Type: GLSA-200604-17
    Ethereal: Multiple vulnerabilities in protocol dissectors

    Source: CCN
    Type: BID-17682
    Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0

    Source: XF
    Type: UNKNOWN
    ethereal-x509if-dissector-dos(26009)

    Source: SUSE
    Type: SUSE-SR:2006:010
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ethereal_group:ethereal:0.10.14:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-1937 (CCN-26010)

    Assigned:2006-04-24
    Published:2006-04-24
    Updated:2006-04-24
    Summary:Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2006-1937

    Source: CCN
    Type: RHSA-2006-0420
    ethereal security update

    Source: CCN
    Type: SA19769
    Ethereal Multiple Protocol Dissector Vulnerabilities

    Source: CCN
    Type: SA20944
    Avaya Products Ethereal Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1015985
    Ethereal Bugs in Multipe Dissectors Lets Remote Users Execute Arbitrary Code and Remote Deny Service

    Source: CCN
    Type: ASA-2006-128
    ethereal security update (RHSA-2006-0420)

    Source: DEBIAN
    Type: DSA-1049
    ethereal -- several vulnerabilities

    Source: CCN
    Type: Ethereal Web site
    Ethereal: A Network Protocol Analyzer

    Source: CCN
    Type: Ethereal Security Advisory enpa-sa-00023
    Multiple problems in Ethereal versions 0.8.5 to 0.10.14

    Source: CCN
    Type: GLSA-200604-17
    Ethereal: Multiple vulnerabilities in protocol dissectors

    Source: CCN
    Type: BID-17682
    Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0

    Source: XF
    Type: UNKNOWN
    ethereal-srvloc-dos(26010)

    Source: SUSE
    Type: SUSE-SR:2006:010
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-1937 (CCN-26011)

    Assigned:2006-04-24
    Published:2006-04-24
    Updated:2006-04-24
    Summary:Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2006-1937

    Source: CCN
    Type: RHSA-2006-0420
    ethereal security update

    Source: CCN
    Type: SA19769
    Ethereal Multiple Protocol Dissector Vulnerabilities

    Source: CCN
    Type: SA20944
    Avaya Products Ethereal Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1015985
    Ethereal Bugs in Multipe Dissectors Lets Remote Users Execute Arbitrary Code and Remote Deny Service

    Source: CCN
    Type: ASA-2006-128
    ethereal security update (RHSA-2006-0420)

    Source: DEBIAN
    Type: DSA-1049
    ethereal -- several vulnerabilities

    Source: CCN
    Type: Ethereal Web site
    Ethereal: A Network Protocol Analyzer

    Source: CCN
    Type: Ethereal Security Advisory enpa-sa-00023
    Multiple problems in Ethereal versions 0.8.5 to 0.10.14

    Source: CCN
    Type: GLSA-200604-17
    Ethereal: Multiple vulnerabilities in protocol dissectors

    Source: CCN
    Type: BID-17682
    Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0

    Source: XF
    Type: UNKNOWN
    ethereal-h245-dos(26011)

    Source: SUSE
    Type: SUSE-SR:2006:010
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ethereal_group:ethereal:0.10.13:*:*:*:*:*:*:*
  • OR cpe:/a:ethereal_group:ethereal:0.10.14:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-1937 (CCN-26015)

    Assigned:2006-04-24
    Published:2006-04-24
    Updated:2006-04-24
    Summary:Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2006-1937

    Source: CCN
    Type: RHSA-2006-0420
    ethereal security update

    Source: CCN
    Type: SA19769
    Ethereal Multiple Protocol Dissector Vulnerabilities

    Source: CCN
    Type: SA20944
    Avaya Products Ethereal Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1015985
    Ethereal Bugs in Multipe Dissectors Lets Remote Users Execute Arbitrary Code and Remote Deny Service

    Source: CCN
    Type: ASA-2006-128
    ethereal security update (RHSA-2006-0420)

    Source: DEBIAN
    Type: DSA-1049
    ethereal -- several vulnerabilities

    Source: CCN
    Type: Ethereal Web site
    Ethereal: A Network Protocol Analyzer

    Source: CCN
    Type: Ethereal Security Advisory enpa-sa-00023
    Multiple problems in Ethereal versions 0.8.5 to 0.10.14

    Source: CCN
    Type: GLSA-200604-17
    Ethereal: Multiple vulnerabilities in protocol dissectors

    Source: CCN
    Type: BID-17682
    Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0

    Source: XF
    Type: UNKNOWN
    ethereal-statistics-counter-dos(26015)

    Source: SUSE
    Type: SUSE-SR:2006:010
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-1937 (CCN-26018)

    Assigned:2006-04-24
    Published:2006-04-24
    Updated:2006-04-24
    Summary:Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2006-1937

    Source: CCN
    Type: RHSA-2006-0420
    ethereal security update

    Source: CCN
    Type: SA19769
    Ethereal Multiple Protocol Dissector Vulnerabilities

    Source: CCN
    Type: SA20944
    Avaya Products Ethereal Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1015985
    Ethereal Bugs in Multipe Dissectors Lets Remote Users Execute Arbitrary Code and Remote Deny Service

    Source: CCN
    Type: ASA-2006-128
    ethereal security update (RHSA-2006-0420)

    Source: DEBIAN
    Type: DSA-1049
    ethereal -- several vulnerabilities

    Source: CCN
    Type: Ethereal Web site
    Ethereal: A Network Protocol Analyzer

    Source: CCN
    Type: Ethereal Security Advisory enpa-sa-00023
    Multiple problems in Ethereal versions 0.8.5 to 0.10.14

    Source: CCN
    Type: GLSA-200604-17
    Ethereal: Multiple vulnerabilities in protocol dissectors

    Source: CCN
    Type: BID-17682
    Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0

    Source: XF
    Type: UNKNOWN
    ethereal-general-dissector-dos(26018)

    Source: SUSE
    Type: SUSE-SR:2006:010
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-1937 (CCN-26019)

    Assigned:2006-04-24
    Published:2006-04-24
    Updated:2006-04-24
    Summary:Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2006-1937

    Source: CCN
    Type: RHSA-2006-0420
    ethereal security update

    Source: CCN
    Type: SA19769
    Ethereal Multiple Protocol Dissector Vulnerabilities

    Source: CCN
    Type: SA20944
    Avaya Products Ethereal Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1015985
    Ethereal Bugs in Multipe Dissectors Lets Remote Users Execute Arbitrary Code and Remote Deny Service

    Source: CCN
    Type: ASA-2006-128
    ethereal security update (RHSA-2006-0420)

    Source: DEBIAN
    Type: DSA-1049
    ethereal -- several vulnerabilities

    Source: CCN
    Type: Ethereal Web site
    Ethereal: A Network Protocol Analyzer

    Source: CCN
    Type: Ethereal Security Advisory enpa-sa-00023
    Multiple problems in Ethereal versions 0.8.5 to 0.10.14

    Source: CCN
    Type: GLSA-200604-17
    Ethereal: Multiple vulnerabilities in protocol dissectors

    Source: CCN
    Type: BID-17682
    Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0

    Source: XF
    Type: UNKNOWN
    ethereal-aim-dos(26019)

    Source: SUSE
    Type: SUSE-SR:2006:010
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2006-1937 (CCN-26031)

    Assigned:2006-04-24
    Published:2006-04-24
    Updated:2006-04-24
    Summary:Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2006-1937

    Source: CCN
    Type: RHSA-2006-0420
    ethereal security update

    Source: CCN
    Type: SA19769
    Ethereal Multiple Protocol Dissector Vulnerabilities

    Source: CCN
    Type: SA20944
    Avaya Products Ethereal Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1015985
    Ethereal Bugs in Multipe Dissectors Lets Remote Users Execute Arbitrary Code and Remote Deny Service

    Source: CCN
    Type: ASA-2006-128
    ethereal security update (RHSA-2006-0420)

    Source: DEBIAN
    Type: DSA-1049
    ethereal -- several vulnerabilities

    Source: CCN
    Type: Ethereal Web site
    Ethereal: A Network Protocol Analyzer

    Source: CCN
    Type: Ethereal Security Advisory enpa-sa-00023
    Multiple problems in Ethereal versions 0.8.5 to 0.10.14

    Source: CCN
    Type: GLSA-200604-17
    Ethereal: Multiple vulnerabilities in protocol dissectors

    Source: CCN
    Type: BID-17682
    Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0

    Source: XF
    Type: UNKNOWN
    ethereal-h248-dos(26031)

    Source: SUSE
    Type: SUSE-SR:2006:010
    SUSE Security Summary Report

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20061937
    V
    		CVE-2006-1937
    2015-11-16
    oval:org.mitre.oval:def:10323
    V
    		Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.
    2013-04-29
    oval:com.redhat.rhsa:def:20060420
    P
    		RHSA-2006:0420: ethereal security update (Moderate)
    2006-05-03
    oval:org.debian:def:1049
    V
    		several vulnerabilities
    2006-05-02
    BACK
    ethereal_group ethereal 0.10
    ethereal_group ethereal 0.10.0
    ethereal_group ethereal 0.10.0a
    ethereal_group ethereal 0.10.1
    ethereal_group ethereal 0.10.2
    ethereal_group ethereal 0.10.3
    ethereal_group ethereal 0.10.4
    ethereal_group ethereal 0.10.5
    ethereal_group ethereal 0.10.6
    ethereal_group ethereal 0.10.7
    ethereal_group ethereal 0.10.8
    ethereal_group ethereal 0.10.9
    ethereal_group ethereal 0.10.10
    ethereal_group ethereal 0.10.11
    ethereal_group ethereal 0.10.12
    ethereal_group ethereal 0.10.13
    ethereal_group ethereal 0.10.14
    debian debian linux 3.0
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2006
    ethereal_group ethereal 0.10.13
    ethereal_group ethereal 0.10.14
    debian debian linux 3.0
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2006