CVE-2004-0634

Severity

50%

Complexity

99%

Confidentiality

48%

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 20 years ago

2004-12-06 05:00:00

Last updated 7 years ago

2017-10-11 01:29:00

Affected Software

Gentoo Linux

MandrakeSoft Mandrake Linux 9.2

9.2

MandrakeSoft Mandrake Linux 10.0

10.0

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381

CLA-2005:916

12024

1010655

http://www.ethereal.com/appnotes/enpa-sa-00015.html

GLSA-200407-08

Patch, Vendor Advisory

VU#518782

US Government Resource

MDKSA-2004:067

Patch, Vendor Advisory

FEDORA-2004-219

Patch, Vendor Advisory

FEDORA-2004-220

Patch, Vendor Advisory

RHSA-2004:378

ethereal-smb-sid-dos(16631)

oval:org.mitre.oval:def:10252

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.