SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Wireshark Vendors:   Wireshark.org
Ethereal Overflows in Multiple Dissectors Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1006712
SecurityTracker URL:  http://securitytracker.com/id/1006712
CVE Reference:   CAN-2003-0356, CAN-2003-0357   (Links to External Site)
Updated:  Mar 6 2004
Original Entry Date:  May 7 2003
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.11 and prior versions
Description:   Some off-by-one buffer overflows and integer overflow vulnerabilities were reported in the Ethereal network sniffer. A remote user could cause Ethereal to crash or to execute arbitrary code.

The vendor reported that some Ethereal dissectors use the tvb_get_nstringz() and tvb_get_nstringz0() in an unsafe manner.

A remote user may be able to create a specially crafted packet that will trigger an single byte overflow in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors [CVE: CAN-2003-0356]. An integer overflow is also reported in the Mount and PPP dissectors [CVE: CAN-2003-0357]. A remote user can cause Ethereal to crash or execute arbitrary code.

The vendor credits Timo Sirainen with discovering these flaws.
Impact:   A remote user can send a packet to or via a network that is monitored by Ethereal to cause the Ethereal sniffer to crash or to execute arbitary code.
Solution:   The vendor recommends that users upgrade to 0.9.12:

http://www.ethereal.com/download.html
Vendor URL:  www.ethereal.com/appnotes/enpa-sa-00009.html (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Tue, 06 May 2003 23:04:50 -0400
Subject:  Ethereal vulnerabilities


http://www.ethereal.com/appnotes/enpa-sa-00009.html

An off-by-one vulnerability was reported in the Ethereal network sniffer version 0.9.11 
and prior versions.

The vendor reported that some Ethereal dissectors use the tvb_get_nstringz() and 
tvb_get_nstringz0() in an unsafe manner.

A remote user may be able to create a specially crafted packet that will trigger an single 
byte overflow in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, 
SMPP, and TSP dissectors.  An integer overflow is also reported in the Mount and PPP 
dissectors.  A remote user can cause Ethereal to crash or execute arbitrary code.

The vendor recommends that users upgrade to 0.9.12:

http://www.ethereal.com/download.html

-----

Docid: enpa-sa-00009

Date: May 1, 2003

Severity: High


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC