CVE-2006-3628

CVSS V2 High 10 CVSS V3 None

Description

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.

Overview

CVE ID
CVE-2006-3628

Assigner
secalert@redhat.com

Vulnerability Status
Modified

Published Version
2006-07-21T14:03:00

Last Modified Date
2018-10-18T16:48:31

Weakness Enumerations

CWE	URL
CWE-134	http://cwe.mitre.org/data/definitions/134.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:ethereal_group:ethereal:0.10:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.0:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.0a:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.1:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.2:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.3:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.4:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.5:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.6:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.7:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.8:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.9:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.10:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.11:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.12:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.13:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.10.14:::::::*	1	OR
cpe:2.3:a:ethereal_group:ethereal:0.99.0:::::::*	1	OR
cpe:2.3:a:wireshark:wireshark:0.10:::::::*	1	OR
cpe:2.3:a:wireshark:wireshark:0.10.4:::::::*	1	OR
cpe:2.3:a:wireshark:wireshark:0.10.13:::::::*	1	OR
cpe:2.3:a:wireshark:wireshark:0.99:::::::*	1	OR
cpe:2.3:a:wireshark:wireshark:0.99.1:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
10

Severity
HIGH

Exploitability Score
10

Impact Score
10

References

Reference URL	Reference Tags
http://www.wireshark.org/security/wnpa-sec-2006-01.html	Patch
http://www.securityfocus.com/bid/19051	Patch
http://secunia.com/advisories/21078	Patch Vendor Advisory
http://secunia.com/advisories/21107	Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200607-09.xml
http://secunia.com/advisories/21121	Vendor Advisory
http://secunia.com/advisories/21204	Vendor Advisory
https://issues.rpath.com/browse/RPL-512
http://www.debian.org/security/2006/dsa-1127
http://securitytracker.com/id?1016532
http://secunia.com/advisories/21249	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0602.html
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://secunia.com/advisories/21488	Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
http://secunia.com/advisories/21598	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm
http://secunia.com/advisories/22089	Vendor Advisory
http://secunia.com/advisories/21467	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:128
http://www.osvdb.org/27369
http://www.osvdb.org/27363
http://www.osvdb.org/27364
http://www.osvdb.org/27362
http://www.vupen.com/english/advisories/2006/2850	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27828
https://exchange.xforce.ibmcloud.com/vulnerabilities/27825
https://exchange.xforce.ibmcloud.com/vulnerabilities/27824
https://exchange.xforce.ibmcloud.com/vulnerabilities/27823
https://exchange.xforce.ibmcloud.com/vulnerabilities/27822
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9175
http://www.securityfocus.com/archive/1/440576/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2006-3628
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3628

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:06:37				Added to TrackCVE