Ethereal Network Sniffer Buffer Overflow in Processing the ISIS Protocol May Let Remote Users Crash the Sniffer or Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1005092 |
|
SecurityTracker URL: http://securitytracker.com/id/1005092
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 21 2002
|
Impact:
Denial of service via network, Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 0.9.5 and prior versions
|
Description:
A buffer overflow vulnerability was reported in the Ethereal network sniffer in the ISIS protocol dissector. A remote user may be able to cause the sniffer to crash or possibly execute arbitrary code.
It is reported that a remote user can inject a specially crafted and malformed packet (either over the network or via a packet trace file) to trigger the buffer overflow.
|
Impact:
A remote user can cause Ethereal to crash. A remote user may be able to cause Ethereal to execute arbitrary code.
|
Solution:
The vendor has released a fixed version (0.9.6), available at:
http://www.ethereal.com/download.html
If you are running a version prior to 0.9.6, you can disable the ISIS protocol dissector by selecting Edit->Protocols... and deselecting "isis" from the list.
|
Vendor URL: www.ethereal.com/appnotes/enpa-sa-00006.html (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 21 Aug 2002 01:34:07 -0400
Subject: Ethereal bug
|
This is a multi-part message in MIME format.
--------------33204F62220E416AC1C21F0A
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
http://packetstorm.decepticons.org/advisories/misc/enpa-sa-00006.txt
--------------33204F62220E416AC1C21F0A
Content-Type: text/plain; charset=us-ascii;
name="enpa-sa-00006.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="enpa-sa-00006.txt"
Ethereal
Sniffing the glue that holds the Internet together
Search: __________ options
[ Application Notes | Summary | Details | Home ]
SUMMARY
Name: Potential issue with Ethereal 0.9.5
Docid: enpa-sa-00006
Date: August 20, 2002
Severity: High
DETAILS
Description:
The ISIS protocol dissector in Ethereal 0.9.5 and earlier versions is
susceptible to a buffer overflow. In order to determine which version of
Ethereal you have installed, do one of the following:
* Load Ethereal and go to the Help->About Ethereal... menu item.
* From the command line run
ethereal -v
or
tethereal -v
(the "v" is lowercase").
Either action will display the the application version along with the
libraries that Ethereal and Tethereal are linked with. If version
"0.9.5" or prior is displayed, the application is susceptible.
Impact:
It may be possible to make Ethereal crash or hang by injecting a
purposefully malformed packet onto the wire, or by convincing someone to
read a malformed packet trace file. It may be possible to make Ethereal
run arbitrary code by exploiting the buffer and pointer problems.
Resolution:
Upgrade to 0.9.6.
If you are running a version prior to 0.9.6, you can disable the ISIS
protocol dissector by selecting Edit->Protocols... and deselecting
"isis" from the list.
Support can be found on the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this page, please send email
to: ethereal-web[AT]ethereal.com
Last modified: Tue, August 20 2002.
--------------33204F62220E416AC1C21F0A--
|
|
