Ethereal

[Ethereal-dev] Possibly incorrect CVE entry CAN-2004-0367

Ethereal-dev: April 2004


Hello,

I see from your CVS archives that ISO 8823 Presentation Protocol
support was first integrated in Ethereal in version 0.10.1 [0]. If
this is true, then the Common Vulnerabilities and Exposures
identifier CAN-2004-0367 [1] incorrectly suggests that earlier versions
are affected by a presentation protocol bug:

  ``Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause
    a denial of service (crash) via a zero-length Presentation
    protocol selector.´´

The CVE text should probably be changed to name versions 0.10.1 to
0.10.2 as affected. You might consider writing to them [2] if you
agree with my finding.

[0] http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-pres.c
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367
[2] cve@xxxxxxxxx

-- 
michael.schloh@xxxxxx
Development Team, Operations Northern Europe
Cable & Wireless Telecommunications Services
