CVE-2002-0401

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name	Vendor	Start Version	End Version
Ethereal	Ethereal	*	0.9.3 (including)
Red Hat Linux 7.2	RedHat		*
Red Hat Linux 7.3	RedHat		*
Red Hat Powertools 6.2	RedHat		*
Red Hat Powertools 7.0	RedHat		*
Red Hat Powertools 7.1	RedHat		*

Potential Mitigations

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000505
http://marc.info/?l=bugtraq\u0026m=102268626526119\u0026w=2
http://www.debian.org/security/2002/dsa-130
http://www.ethereal.com/appnotes/enpa-sa-00004.html
http://www.iss.net/security_center/static/9204.php
http://www.redhat.com/support/errata/RHSA-2002-036.html
http://www.redhat.com/support/errata/RHSA-2002-088.html
http://www.securityfocus.com/bid/4806
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000505
http://marc.info/?l=bugtraq\u0026m=102268626526119\u0026w=2
http://www.debian.org/security/2002/dsa-130
http://www.ethereal.com/appnotes/enpa-sa-00004.html
http://www.iss.net/security_center/static/9204.php
http://www.redhat.com/support/errata/RHSA-2002-036.html
http://www.redhat.com/support/errata/RHSA-2002-088.html
http://www.securityfocus.com/bid/4806

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0401
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References