FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  567419
Date:      2021-03-05
Time:      21:18:20Z
Committer: mfechner

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
21c223f2-d596-11da-8098-00123ffe8333ethereal -- Multiple Protocol Dissector Vulnerabilities

Secunia reports:

Multiple vulnerabilities have been reported in Ethereal, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerabilities are caused due to various types of errors including boundary errors, an off-by-one error, an infinite loop error, and several unspecified errors in a multitude of protocol dissectors.

Successful exploitation causes Ethereal to stop responding, consume a large amount of system resources, crash, or execute arbitrary code.


Discovery 2006-04-25
Entry 2006-04-27
ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.8.5 lt 0.99.0

CVE-2006-1932
CVE-2006-1933
CVE-2006-1934
CVE-2006-1935
CVE-2006-1936
CVE-2006-1937
CVE-2006-1938
CVE-2006-1939
CVE-2006-1940
http://www.ethereal.com/appnotes/enpa-sa-00023.html
http://secunia.com/advisories/19769/
265c8b00-d2d0-11d8-b479-02e0185c0b53multiple vulnerabilities in ethereal

Issues have been discovered in multiple protocol dissectors.


Discovery 2004-07-06
Entry 2004-07-11
ethereal
ethereal-lite
tethereal
tethereal-lite
lt 0.10.5

http://www.ethereal.com/appnotes/enpa-sa-00015.html
CVE-2004-0633
CVE-2004-0634
CVE-2004-0635
http://secunia.com/advisories/12024
10672
http://www.osvdb.org/7536
http://www.osvdb.org/7537
http://www.osvdb.org/7538
5d51d245-00ca-11da-bc08-0001020eed82ethereal -- multiple protocol dissectors vulnerabilities

An Ethreal Security Advisories reports:

Our testing program has turned up several more security issues:

  • The LDAP dissector could free static memory and crash.
  • The AgentX dissector could crash.
  • The 802.3 dissector could go into an infinite loop.
  • The PER dissector could abort.
  • The DHCP dissector could go into an infinite loop.
  • The BER dissector could abort or loop infinitely.
  • The MEGACO dissector could go into an infinite loop.
  • The GIOP dissector could dereference a null pointer.
  • The SMB dissector was susceptible to a buffer overflow.
  • The WBXML could dereference a null pointer.
  • The H1 dissector could go into an infinite loop.
  • The DOCSIS dissector could cause a crash.
  • The SMPP dissector could go into an infinite loop.
  • SCTP graphs could crash.
  • The HTTP dissector could crash.
  • The SMB dissector could go into a large loop.
  • The DCERPC dissector could crash.
  • Several dissectors could crash while reassembling packets.

Steve Grubb at Red Hat found the following issues:

  • The CAMEL dissector could dereference a null pointer.
  • The DHCP dissector could crash.
  • The CAMEL dissector could crash.
  • The PER dissector could crash.
  • The RADIUS dissector could crash.
  • The Telnet dissector could crash.
  • The IS-IS LSP dissector could crash.
  • The NCP dissector could crash.

iDEFENSE found the following issues:

  • Several dissectors were susceptible to a format string overflow.

Impact:

It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.


Discovery 2005-07-26
Entry 2005-07-30
ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.8.5 lt 0.10.12

http://www.ethereal.com/appnotes/enpa-sa-00020.html
74d06b67-d2cf-11d8-b479-02e0185c0b53multiple vulnerabilities in ethereal

Issues have been discovered in multiple protocol dissectors.


Discovery 2004-05-13
Entry 2004-07-11
ethereal
ethereal-lite
tethereal
tethereal-lite
lt 0.10.4

http://www.ethereal.com/appnotes/enpa-sa-00014.html
CVE-2004-0504
CVE-2004-0505
CVE-2004-0506
CVE-2004-0507
http://secunia.com/advisories/11608
10347
http://www.osvdb.org/6131
http://www.osvdb.org/6132
http://www.osvdb.org/6133
http://www.osvdb.org/6134
76adaab0-e4e3-11d9-b875-0001020eed82ethereal -- multiple protocol dissectors vulnerabilities

An Ethreal Security Advisories reports:

An aggressive testing program as well as independent discovery has turned up a multitude of security issues

Please reference CVE/URL list for details


Discovery 2005-05-04
Entry 2005-06-24
ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.8.14 lt 0.10.11

13391
13504
13567
CVE-2005-1281
CVE-2005-1456
CVE-2005-1457
CVE-2005-1458
CVE-2005-1459
CVE-2005-1460
CVE-2005-1461
CVE-2005-1462
CVE-2005-1463
CVE-2005-1464
CVE-2005-1465
CVE-2005-1466
CVE-2005-1467
CVE-2005-1468
CVE-2005-1469
CVE-2005-1470
http://www.ethereal.com/appnotes/enpa-sa-00019.html
7fadc049-2ba0-11dc-9377-0016179b2dd5wireshark -- Multiple problems

wireshark Team reports:

It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.


Discovery 2007-06-29
Entry 2007-07-06
Modified 2010-05-12
wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.8.20 lt 0.99.6

CVE-2007-3389
CVE-2007-3390
CVE-2007-3391
CVE-2007-3392
CVE-2007-3393
http://secunia.com/advisories/25833/
http://www.wireshark.org/security/wnpa-sec-2007-02.html
831a6a66-79fa-11d9-a9e7-0001020eed82ethereal -- multiple protocol dissectors vulnerabilities

An Ethreal Security Advisories reports:

Issues have been discovered in the following protocol dissectors:

  • The COPS dissector could go into an infinite loop. CVE: CAN-2005-0006
  • The DLSw dissector could cause an assertion. CVE: CAN-2005-0007
  • The DNP dissector could cause memory corruption. CVE: CAN-2005-0008
  • The Gnutella dissector could cuase an assertion. CVE: CAN-2005-0009
  • The MMSE dissector could free statically-allocated memory. CVE: CAN-2005-0010
  • The X11 dissector is vulnerable to a string buffer overflow. CVE: CAN-2005-0084

Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.


Discovery 2005-01-18
Entry 2005-02-08
ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.8.10 lt 0.10.9

CVE-2005-0006
CVE-2005-0007
CVE-2005-0008
CVE-2005-0009
CVE-2005-0010
CVE-2005-0084
12326
http://www.ethereal.com/appnotes/enpa-sa-00017.html
8a835235-ae84-11dc-a5f9-001a4d49522bwireshark -- multiple vulnerabilities

The Wireshark team reports of multiple vulnerabilities:

  • Wireshark could crash when reading an MP3 file.
  • Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet.
  • Stefan Esser discovered a buffer overflow in the SSL dissector.
  • The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms.
  • The Firebird/Interbase dissector could go into an infinite loop or crash.
  • The NCP dissector could cause a crash.
  • The HTTP dissector could crash on some systems while decoding chunked messages.
  • The MEGACO dissector could enter a large loop and consume system resources.
  • The DCP ETSI dissector could enter a large loop and consume system resources.
  • Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser.
  • The PPP dissector could overflow a buffer.
  • The Bluetooth SDP dissector could go into an infinite loop.
  • A malformed RPC Portmap packet could cause a crash.
  • The IPv6 dissector could loop excessively.
  • The USB dissector could loop excessively or crash.
  • The SMB dissector could crash.
  • The RPL dissector could go into an infinite loop.
  • The WiMAX dissector could crash due to unaligned access on some platforms.
  • The CIP dissector could attempt to allocate a huge amount of memory and crash.

Impact

It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.


Discovery 2007-12-19
Entry 2007-12-19
Modified 2007-12-22
wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.8.16 lt 0.99.7

CVE-2007-6112
CVE-2007-6113
CVE-2007-6114
CVE-2007-6115
CVE-2007-6117
CVE-2007-6118
CVE-2007-6120
CVE-2007-6121
CVE-2007-6438
CVE-2007-6439
CVE-2007-6441
CVE-2007-6450
CVE-2007-6451
http://www.wireshark.org/security/wnpa-sec-2007-03.html
a2d4a330-4d54-11de-8811-0030843d3802wireshark -- PCNFSD Dissector Denial of Service Vulnerability

Secunia reports:

A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS.

The vulnerability is caused due to an error in the PCNFSD dissector and can be exploited to cause a crash via a specially crafted PCNFSD packet.


Discovery 2009-05-21
Entry 2009-05-30
Modified 2010-05-02
ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
lt 1.0.8

CVE-2009-1829
http://secunia.com/advisories/35201/
http://www.wireshark.org/security/wnpa-sec-2009-03.html
baece347-c489-11dd-a721-0030843d3802wireshark -- SMTP Processing Denial of Service Vulnerability

Secunia reports:

A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS.

The vulnerability is caused due to an error in the SMTP dissector and can be exploited to trigger the execution of an infinite loop via a large SMTP packet.


Discovery 2008-11-24
Entry 2008-12-07
wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
lt 1.0.4_1

CVE-2008-5285
http://secunia.com/advisories/32840/
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html
cb470368-94d2-11d9-a9e0-0001020eed82ethereal -- multiple protocol dissectors vulnerabilities

An Ethreal Security Advisories reports:

Issues have been discovered in the following protocol dissectors:

  • Matevz Pustisek discovered a buffer overflow in the Etheric dissector. CVE: CAN-2005-0704
  • The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled. CVE: CAN-2005-0705
  • Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector. This flaw was later reported by Leon Juranic. CVE: CAN-2005-0699
  • Leon Juranic discovered a buffer overflow in the IAPP dissector. CVE: CAN-2005-0739
  • A bug in the JXTA dissector could make Ethereal crash.
  • A bug in the sFlow dissector could make Ethereal crash.

Discovery 2005-03-09
Entry 2005-03-14
Modified 2005-06-24
ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.9.1 lt 0.10.10

12759
CVE-2005-0699
CVE-2005-0704
CVE-2005-0705
CVE-2005-0739
http://www.ethereal.com/appnotes/enpa-sa-00018.html
cdf18ed9-7f4a-11d8-9645-0020ed76ef5amultiple vulnerabilities in ethereal

Stefan Esser of e-matters Security discovered a baker's dozen of buffer overflows in Ethereal's decoders, including:

  • NetFlow
  • IGAP
  • EIGRP
  • PGM
  • IRDA
  • BGP
  • ISUP
  • TCAP
  • UCP

In addition, a vulnerability in the RADIUS decoder was found by Jonathan Heusser.

Finally, there is one uncredited vulnerability described by the Ethereal team as:

A zero-length Presentation protocol selector could make Ethereal crash.


Discovery 2004-03-23
Entry 2004-03-26
Modified 2004-07-11
ethereal
tethereal
lt 0.10.3

http://www.ethereal.com/appnotes/enpa-sa-00013.html
CVE-2004-0176
CVE-2004-0365
CVE-2004-0367
119876
124454
125156
433596
591820
644886
659140
695486
740188
792286
864884
931588
http://security.e-matters.de/advisories/032004.html
http://secunia.com/advisories/11185
9952
http://www.osvdb.org/4462
http://www.osvdb.org/4463
http://www.osvdb.org/4464
defce068-39aa-11de-a493-001b77d09812wireshark -- multiple vulnerabilities

Wireshark team reports:

Wireshark 1.0.7 fixes the following vulnerabilities:

  • The PROFINET dissector was vulnerable to a format string overflow. (Bug 3382) Versions affected: 0.99.6 to 1.0.6, CVE-2009-1210.
  • The Check Point High-Availability Protocol (CPHAP) dissector could crash. (Bug 3269) Versions affected: 0.9.6 to 1.0.6; CVE-2009-1268.
  • Wireshark could crash while loading a Tektronix .rf5 file. (Bug 3366) Versions affected: 0.99.6 to 1.0.6, CVE-2009-1269.

Discovery 2009-04-06
Entry 2009-05-09
Modified 2009-05-13
ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
lt 1.0.7

34291
34457
CVE-2009-1210
CVE-2009-1268
CVE-2009-1269
http://www.wireshark.org/security/wnpa-sec-2009-02.html
http://secunia.com/advisories/34542
efa1344b-5477-11d9-a9e7-0001020eed82ethereal -- multiple vulnerabilities

An Ethreal Security Advisories reports:

Issues have been discovered in the following protocol dissectors:

  • Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash.
  • An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space.
  • The HTTP dissector could access previously-freed memory, causing a crash.
  • Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization.

Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.


Discovery 2004-12-14
Entry 2004-12-23
ethereal
ethereal-lite
tethereal
tethereal-lite
lt 0.10.8

CVE-2004-1139
CVE-2004-1140
CVE-2004-1141
CVE-2004-1142
http://www.ethereal.com/appnotes/enpa-sa-00016.html
f6f19735-9245-4918-8a60-87948ebb4907wireshark -- multiple vulnerabilities

Vendor reports:

On non-Windows systems Wireshark could crash if the HOME environment variable contained sprintf-style string formatting characters. Wireshark could crash while reading a malformed NetScreen snoop file. Wireshark could crash while reading a Tektronix K12 text capture file.


Discovery 2009-02-06
Entry 2009-03-22
Modified 2010-05-02
ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
lt 1.0.6

CVE-2009-0599
CVE-2009-0600
CVE-2009-0601
http://www.wireshark.org/security/wnpa-sec-2009-01.html