Summary
EtherApe is installed on this host and is prone to denial of service vulnerabilities.
Impact
Successful exploitation allows remote attackers to cause a NULL pointer dereference or cause a denial of service.
Impact Level: Application
Solution
Upgrade to EtherApe version 0.9.12 or later.
For updates, refer to http://etherape.sourceforge.net/
Insight
The flaw is due to an error in the add_conversation function in 'conversations.c' when processing a specially crafted RPC packet.
Affected
EtherApe versions prior to 0.9.12
References
- http://etherape.sourceforge.net/NEWS.html
- http://osvdb.org/show/osvdb/75609
- http://secunia.com/advisories/45989
- http://sourceforge.net/tracker/?func=detail&aid=3309061&group_id=2712&atid=102712
- http://www.openwall.com/lists/oss-security/2011/09/19/4
- http://www.openwall.com/lists/oss-security/2011/09/22/1
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-3369
- CVSS Base Score: 5.0
- CVSS Base Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P