rhsa-2005_037
Vulnerability from csaf_redhat
Published
2005-02-15 09:49
Modified
2005-02-15 00:00
Summary
Red Hat Security Advisory: ethereal security update

Notes

Topic
Updated Ethereal packages that fix various security vulnerabilities are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Details
Ethereal is a program for monitoring network traffic. A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws. A flaw in the DICOM dissector could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1139 to this issue. A invalid RTP timestamp could hang Ethereal and create a large temporary file, possibly filling available disk space. (CAN-2004-1140) The HTTP dissector could access previously-freed memory, causing a crash. (CAN-2004-1141) An improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142) The COPS dissector could go into an infinite loop. (CAN-2005-0006) The DLSw dissector could cause an assertion, making Ethereal exit prematurely. (CAN-2005-0007) The DNP dissector could cause memory corruption. (CAN-2005-0008) The Gnutella dissector could cause an assertion, making Ethereal exit prematurely. (CAN-2005-0009) The MMSE dissector could free static memory, causing a crash. (CAN-2005-0010) The X11 protocol dissector is vulnerable to a string buffer overflow. (CAN-2005-0084) Users of Ethereal should upgrade to these updated packages which contain version 0.10.9 that is not vulnerable to these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Ethereal packages that fix various security vulnerabilities are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Ethereal is a program for monitoring network traffic.\n\nA number of security flaws have been discovered in Ethereal.  On a system\nwhere Ethereal is running, a remote attacker could send malicious packets\nto trigger these flaws.\n\nA flaw in the DICOM dissector could cause a crash.  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-1139 to this issue.\n\nA invalid RTP timestamp could hang Ethereal and create a large temporary\nfile, possibly filling available disk space. (CAN-2004-1140)\n\nThe HTTP dissector could access previously-freed memory, causing a crash.\n(CAN-2004-1141)\n\nAn improperly formatted SMB packet could make Ethereal hang, maximizing CPU\nutilization.  (CAN-2004-1142)\n\nThe COPS dissector could go into an infinite loop. (CAN-2005-0006)\n\nThe DLSw dissector could cause an assertion, making Ethereal exit\nprematurely. (CAN-2005-0007)\n\nThe DNP dissector could cause memory corruption. (CAN-2005-0008)\n\nThe Gnutella dissector could cause an assertion, making Ethereal exit\nprematurely. (CAN-2005-0009)\n\nThe MMSE dissector could free static memory, causing a crash. (CAN-2005-0010)\n\nThe X11 protocol dissector is vulnerable to a string buffer overflow.\n(CAN-2005-0084) \n\nUsers of Ethereal should upgrade to these updated packages which contain\nversion 0.10.9 that is not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2005:037",
        "url": "https://access.redhat.com/errata/RHSA-2005:037"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.ethereal.com/appnotes/enpa-sa-00016.html",
        "url": "http://www.ethereal.com/appnotes/enpa-sa-00016.html"
      },
      {
        "category": "external",
        "summary": "http://www.ethereal.com/appnotes/enpa-sa-00017.html",
        "url": "http://www.ethereal.com/appnotes/enpa-sa-00017.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2005/rhsa-2005_037.json"
      }
    ],
    "title": "Red Hat Security Advisory: ethereal security update",
    "tracking": {
      "current_release_date": "2005-02-15T00:00:00Z",
      "generator": {
        "date": "2023-06-30T19:13:00Z",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.18.0"
        }
      },
      "id": "RHSA-2005:037",
      "initial_release_date": "2005-02-15T09:49:00Z",
      "revision_history": [
        {
          "date": "2005-02-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "Red Hat Enterprise Linux"
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-1139",
      "discovery_date": "2004-12-14T00:00:00Z",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617375"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1139",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1139"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1139",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1139"
        },
        {
          "category": "external",
          "summary": "CVE-2004-1139",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1139"
        },
        {
          "category": "external",
          "summary": "bz#1617375: CVE-2004-1139 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617375"
        }
      ],
      "release_date": "2004-12-15T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2005:037"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2004-12-14T00:00:00Z",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2004-1139 security flaw"
    },
    {
      "cve": "CVE-2004-1140",
      "discovery_date": "2004-12-14T00:00:00Z",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617376"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1140",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1140"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1140",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1140"
        },
        {
          "category": "external",
          "summary": "CVE-2004-1140",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1140"
        },
        {
          "category": "external",
          "summary": "bz#1617376: CVE-2004-1140 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617376"
        }
      ],
      "release_date": "2004-12-15T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2005:037"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2004-12-14T00:00:00Z",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2004-1140 security flaw"
    },
    {
      "cve": "CVE-2004-1141",
      "discovery_date": "2004-12-14T00:00:00Z",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617377"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1141"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1141",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1141"
        },
        {
          "category": "external",
          "summary": "CVE-2004-1141",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1141"
        },
        {
          "category": "external",
          "summary": "bz#1617377: CVE-2004-1141 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617377"
        }
      ],
      "release_date": "2004-12-15T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2005:037"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2004-12-14T00:00:00Z",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2004-1141 security flaw"
    },
    {
      "cve": "CVE-2004-1142",
      "discovery_date": "2004-12-14T00:00:00Z",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617378"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1142",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1142"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1142",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1142"
        },
        {
          "category": "external",
          "summary": "CVE-2004-1142",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1142"
        },
        {
          "category": "external",
          "summary": "bz#1617378: CVE-2004-1142 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617378"
        }
      ],
      "release_date": "2004-12-15T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2005:037"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2004-12-14T00:00:00Z",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2004-1142 security flaw"
    },
    {
      "cve": "CVE-2005-0006",
      "discovery_date": "2005-01-18T00:00:00Z",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617432"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-0006"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0006",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0006"
        },
        {
          "category": "external",
          "summary": "CVE-2005-0006",
          "url": "https://access.redhat.com/security/cve/CVE-2005-0006"
        },
        {
          "category": "external",
          "summary": "bz#1617432: CVE-2005-0006 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617432"
        }
      ],
      "release_date": "2005-01-19T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2005:037"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2005-01-18T00:00:00Z",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2005-0006 security flaw"
    },
    {
      "cve": "CVE-2005-0007",
      "discovery_date": "2005-01-18T00:00:00Z",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617433"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash from assertion).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-0007"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0007",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0007"
        },
        {
          "category": "external",
          "summary": "CVE-2005-0007",
          "url": "https://access.redhat.com/security/cve/CVE-2005-0007"
        },
        {
          "category": "external",
          "summary": "bz#1617433: CVE-2005-0007 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617433"
        }
      ],
      "release_date": "2005-01-19T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2005:037"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2005-01-18T00:00:00Z",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2005-0007 security flaw"
    },
    {
      "cve": "CVE-2005-0008",
      "discovery_date": "2005-01-18T00:00:00Z",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617434"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause \"memory corruption.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-0008"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0008",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0008"
        },
        {
          "category": "external",
          "summary": "CVE-2005-0008",
          "url": "https://access.redhat.com/security/cve/CVE-2005-0008"
        },
        {
          "category": "external",
          "summary": "bz#1617434: CVE-2005-0008 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617434"
        }
      ],
      "release_date": "2005-01-19T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2005:037"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2005-01-18T00:00:00Z",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2005-0008 security flaw"
    },
    {
      "cve": "CVE-2005-0009",
      "discovery_date": "2005-01-18T00:00:00Z",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617435"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0009",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-0009"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0009",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0009"
        },
        {
          "category": "external",
          "summary": "CVE-2005-0009",
          "url": "https://access.redhat.com/security/cve/CVE-2005-0009"
        },
        {
          "category": "external",
          "summary": "bz#1617435: CVE-2005-0009 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617435"
        }
      ],
      "release_date": "2005-01-19T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2005:037"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2005-01-18T00:00:00Z",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2005-0009 security flaw"
    },
    {
      "cve": "CVE-2005-0010",
      "discovery_date": "2005-01-18T00:00:00Z",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617437"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0010",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-0010"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0010",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0010"
        },
        {
          "category": "external",
          "summary": "CVE-2005-0010",
          "url": "https://access.redhat.com/security/cve/CVE-2005-0010"
        },
        {
          "category": "external",
          "summary": "bz#1617437: CVE-2005-0010 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617437"
        }
      ],
      "release_date": "2005-01-19T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2005:037"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2005-01-18T00:00:00Z",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2005-0010 security flaw"
    },
    {
      "cve": "CVE-2005-0084",
      "discovery_date": "2005-01-18T00:00:00Z",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617446"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 allows remote attackers to execute arbitrary code via a crafted packet.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-0084",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-0084"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-0084",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0084"
        },
        {
          "category": "external",
          "summary": "CVE-2005-0084",
          "url": "https://access.redhat.com/security/cve/CVE-2005-0084"
        },
        {
          "category": "external",
          "summary": "bz#1617446: CVE-2005-0084 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617446"
        }
      ],
      "release_date": "2005-01-19T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2005:037"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2005-01-18T00:00:00Z",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2005-0084 security flaw"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.