fkie_cve-2006-4805
Vulnerability from fkie_nvd
Published
2006-10-27 23:07
Modified
2025-04-09 00:30
Severity ?
Summary
epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded.
References
secalert@redhat.comftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
secalert@redhat.comhttp://secunia.com/advisories/22590Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/22659
secalert@redhat.comhttp://secunia.com/advisories/22672
secalert@redhat.comhttp://secunia.com/advisories/22692
secalert@redhat.comhttp://secunia.com/advisories/22797
secalert@redhat.comhttp://secunia.com/advisories/22841
secalert@redhat.comhttp://secunia.com/advisories/22929
secalert@redhat.comhttp://secunia.com/advisories/23096
secalert@redhat.comhttp://securitytracker.com/id?1017129
secalert@redhat.comhttp://support.avaya.com/elmodocs2/security/ASA-2006-255.htm
secalert@redhat.comhttp://www.kb.cert.org/vuls/id/723736US Government Resource
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:195
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2006_65_ethereal.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2006-0726.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/450307/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/20762
secalert@redhat.comhttp://www.us.debian.org/security/2006/dsa-1201
secalert@redhat.comhttp://www.vupen.com/english/advisories/2006/4220
secalert@redhat.comhttp://www.wireshark.org/security/wnpa-sec-2006-03.html
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/29843
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-746
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10199
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22590Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22659
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22672
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22692
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22797
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22841
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22929
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23096
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017129
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/723736US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:195
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_65_ethereal.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0726.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/450307/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20762
af854a3a-2127-422b-91ae-364da2661108http://www.us.debian.org/security/2006/dsa-1201
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4220
af854a3a-2127-422b-91ae-364da2661108http://www.wireshark.org/security/wnpa-sec-2006-03.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29843
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-746
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10199
Impacted products
Vendor Product Version
wireshark wireshark 0.9.8
wireshark wireshark 0.9.10
wireshark wireshark 0.10
wireshark wireshark 0.10.4
wireshark wireshark 0.10.13
wireshark wireshark 0.99
wireshark wireshark 0.99.1
wireshark wireshark 0.99.2
wireshark wireshark 0.99.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "60178790-62CC-41A9-8B5A-78CF49069E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "41535173-00D3-4E52-9441-D7ED44BE9B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "589FBD3D-FFE4-4BB3-B5F9-7FF949212AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4F19A6-98D5-4B6A-8AF0-D88561D50296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:0.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D5E65C-08BF-480D-A7BE-1876E9AC93E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "503E7F73-0E2A-442C-9B76-679A2AD03052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:0.99.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C422E5-3252-48C2-B4FF-E32AA5463D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C43A78-E578-4B1C-8E33-24529E973E30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0D56DA6-3EB2-4074-8C43-A5FD93B1555B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded."
    },
    {
      "lang": "es",
      "value": "epan/dissectors/packet-xot.c en el separador XOT (dissect_xot_pdu) en Wireshark (antes conocido como Ethereal) 0.9.8 hasta la 0.99.3 permite a un atacante remoto provocar denegaci\u00f3n de servicio (consumo de memoria y caida) a trav\u00e9s de un paquete XOT codificado que crea un valor de longitud zero cuando est\u00e1 codificado."
    }
  ],
  "evaluatorSolution": "Update to version 0.99.4.\r\n",
  "id": "CVE-2006-4805",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-27T23:07:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22590"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22659"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22672"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22692"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22797"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22841"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22929"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23096"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1017129"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/723736"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:195"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2006_65_ethereal.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0726.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/450307/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/20762"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.us.debian.org/security/2006/dsa-1201"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/4220"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.wireshark.org/security/wnpa-sec-2006-03.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29843"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-746"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-255.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/723736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_65_ethereal.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0726.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/450307/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.us.debian.org/security/2006/dsa-1201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.wireshark.org/security/wnpa-sec-2006-03.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10199"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.