Vulnerability Details CVE-2005-0699
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.042
EPSS Ranking 88.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=111038641832400&w=2
- http://marc.info/?l=bugtraq&m=111083125521813&w=2
- http://security.gentoo.org/glsa/glsa-200503-16.xml
- http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04
- http://www.ethereal.com/appnotes/enpa-sa-00018.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:053
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
- http://www.redhat.com/support/errata/RHSA-2005-306.html
- http://www.securityfocus.com/archive/1/392659
- http://www.securityfocus.com/bid/12759
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10147
- http://marc.info/?l=bugtraq&m=111038641832400&w=2
- http://marc.info/?l=bugtraq&m=111083125521813&w=2
- http://security.gentoo.org/glsa/glsa-200503-16.xml
- http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04
- http://www.ethereal.com/appnotes/enpa-sa-00018.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:053
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
- http://www.redhat.com/support/errata/RHSA-2005-306.html
- http://www.securityfocus.com/archive/1/392659
- http://www.securityfocus.com/bid/12759
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10147
Products affected by CVE-2005-0699
-
cpe:2.3:a:ethereal_group:ethereal:0.10.3
-
cpe:2.3:a:ethereal_group:ethereal:0.10.4
-
cpe:2.3:a:ethereal_group:ethereal:0.10.5
-
cpe:2.3:a:ethereal_group:ethereal:0.10.6
-
cpe:2.3:a:ethereal_group:ethereal:0.10.7
-
cpe:2.3:a:ethereal_group:ethereal:0.10.8
-
cpe:2.3:a:ethereal_group:ethereal:0.10.9
-
cpe:2.3:o:altlinux:alt_linux:compact_2.3
-
cpe:2.3:o:altlinux:alt_linux:junior_2.3
-
cpe:2.3:o:conectiva:linux:10.0
-
cpe:2.3:o:conectiva:linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux:2.1
-
cpe:2.3:o:redhat:enterprise_linux:3.0
-
cpe:2.3:o:redhat:enterprise_linux:4.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0
-
cpe:2.3:o:redhat:linux_advanced_workstation:2.1