{"vuid":"VU#361700","idnumber":"361700","name":"Ethereal contains integer overflow in PPP dissector","keywords":["Ethereal","integer overflow","PPP dissector"],"overview":"Ethereal is a network traffic analysis package. The PPP packet dissector contains a vulnerability that may result in the execution of arbitrary code.","clean_desc":"The PPP packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory, tvb_get_nstringz() and tvb_get_nstringz0() were used in an unsafe manner. Versions 0.9.11 and earlier of Ethereal are affected.","impact":"It may be possible for a remote attacker to crash the program or run arbitrary code on the system via a crafted packet.","resolution":"Upgrade to version 0.9.12 which resolves this issue.","workarounds":"","sysaffected":"","thanks":"Thanks to Timo Sirainen for reporting this vulnerability.","author":"This document was written by Jason A Rafail and is based upon information in the Ethereal Advisory.","public":["h","t","t","p",":","/","/","w","w","w",".","e","t","h","e","r","e","a","l",".","c","o","m","/","a","p","p","n","o","t","e","s","/","e","n","p","a","-","s","a","-","0","0","0","0","9",".","h","t","m","l"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-05-09T13:32:24Z","publicdate":"2003-05-01T00:00:00Z","datefirstpublished":"2003-05-12T18:37:37Z","dateupdated":"2003-05-12T18:37:44Z","revision":5,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"14","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"13","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"6.946875","cam_scorecurrentwidelyknown":"9.140625","cam_scorecurrentwidelyknownexploited":"16.453125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.946875,"vulnote":null}