Vulnerability Description
Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly related to a missing field for EndVerifyAck messages.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ethereal Group | Ethereal | <= 0.9.7 |
References
- http://www.ethereal.com/appnotes/enpa-sa-00007.htmlPatchVendor AdvisoryURL Repurposed
- http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-lmp.c#rev1.13URL Repurposed
- http://www.redhat.com/support/errata/RHSA-2002-290.htmlPatchVendor Advisory
- http://www.ethereal.com/appnotes/enpa-sa-00007.htmlPatchVendor AdvisoryURL Repurposed
- http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-lmp.c#rev1.13URL Repurposed
- http://www.redhat.com/support/errata/RHSA-2002-290.htmlPatchVendor Advisory
FAQ
What is CVE-2002-1356?
CVE-2002-1356 is a vulnerability with a CVSS score of 7.5 (HIGH). Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possib...
How severe is CVE-2002-1356?
CVE-2002-1356 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1356?
Check the references section above for vendor advisories and patch information. Affected products include: Ethereal Group Ethereal.