CVE-2005-2367

Ethereal 0.9.4-0.10.11 - Remote Code Execution via AFP Packet Format String

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2367. PoCs published by vade79.

AI-analyzed exploit summary This exploit targets a format string vulnerability in Ethereal's AFP dissector (CVE-2005-2367), allowing remote code execution via crafted packets sent to port 548 or other unused ports. It uses a format string attack to overwrite memory addresses and redirect execution to shellcode.

Description

Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.

Exploits (1)

exploitdb WORKING POC VERIFIED
by vade79 · cremotelinux
https://www.exploit-db.com/exploits/1139

This exploit targets a format string vulnerability in Ethereal's AFP dissector (CVE-2005-2367), allowing remote code execution via crafted packets sent to port 548 or other unused ports. It uses a format string attack to overwrite memory addresses and redirect execution to shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: Ethereal v0.10.0 to v0.10.11
No auth needed
Prerequisites: Ethereal running in verbose mode (-V option) · Network access to target · Knowledge of target memory layout for address calculation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Patch, URL Repurposed x_refsource_confirm
http://www.ethereal.com/appnotes/enpa-sa-00020.html
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_18_sr.html
Patch vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200507-27.xml
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_19_sr.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10765
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-687.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-853
Vendor Advisory third-party-advisory x_refsource_idefense
http://www.idefense.com/application/poi/display?id=289&type=vulnerabilities
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16225/
Patch, Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2005:131
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14399
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17102

Scores

EPSS 0.0614
EPSS Percentile 92.5%

Details

Status published
Products (25)
ethereal_group/ethereal 0.9.4
ethereal_group/ethereal 0.9.5
ethereal_group/ethereal 0.9.6
ethereal_group/ethereal 0.9.7
ethereal_group/ethereal 0.9.8
ethereal_group/ethereal 0.9.9
ethereal_group/ethereal 0.9.10
ethereal_group/ethereal 0.9.11
ethereal_group/ethereal 0.9.12
ethereal_group/ethereal 0.9.13
... and 15 more
Published Aug 10, 2005
Tracked Since Feb 18, 2026