SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  Ethereal Vendors:  Ethereal.com
Ethereal ~20 Dissector Bugs Let Remote Users Deny Service or Execute Arbitrary Code
SecurityTracker Alert ID:  1014583
SecurityTracker URL:  http://securitytracker.com/id?1014583
CVE Reference:  CAN-2005-2360 ,  CAN-2005-2361 ,  CAN-2005-2362 ,  CAN-2005-2363 ,  CAN-2005-2364 ,  CAN-2005-2365 ,  CAN-2005-2366 ,  CAN-2005-2367   (Links to External Site)
Updated:  Aug 12 2005
Original Entry Date:  Jul 27 2005
Impact:  Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 0.8.5 up to and including 0.10.11
Description:  Several vulnerabilities were reported in Ethereal, affecting at least 20 dissectors. A remote user can cause denial of service conditions. A remote user can execute arbitrary code on the target system.

A remote user can create a specially crafted packet and send the packet via a network that is monitored by Ethereal to cause Ethereal to crash or potentially execute arbitrary code. A remote user can also create a specially crafted packet trace file that, when loaded by the target Ethereal application, will trigger the vulnerabilities.

A remote user can cause the AgentX, BER, CAMEL, DCERPC, DHCP, DOCSIS, HTTP, IS-IS LSP, LDAP, NCP, PER, RADIUS, SCTP, and Telnet dissectors to crash. Some other unspecified dissectors may crash while reassembling packets.

A remote user can cause the 802.3, BER, DHCP, H1, MEGACO, and SMPP dissectors to enter an infinite loop.

A remote user can trigger a null pointer dereference in the CAMEL, GIOP, and WBXML dissectors.

A remote user can trigger a buffer overflow in the SMB dissector.

A remote user can cause the SMB dissector to enter "a large loop."

Several unspecified dissectors contain a format string overflow.

Steve Grubb at Red Hat is credited with discovering some of the vulnerabilities. iDEFENSE is credited with discovering some of the vulnerabilities.
Impact:  A remote user can cause Ethereal to crash, consume memory on the target system, or execute arbitrary code with the privileges of the Ethereal process.
Solution:  The vendor has issued a fixed version (0.10.12), available at:

http://www.ethereal.com/download.html
Vendor URL:  www.ethereal.com/appnotes/enpa-sa-00020.html (Links to External Site)
Cause:  Boundary error, Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 12 2005 (Red Hat Issues Fix) Ethereal ~20 Dissector Bugs Let Remote Users Deny Service or Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix.


 Source Message Contents
Date:  Tue, 26 Jul 2005 21:07:17 -0400
Subject:  http://www.ethereal.com/appnotes/enpa-sa-00020.html

 
 
 
> Name: Multiple problems in Ethereal versions 0.8.5 to 0.10.10
 
> Docid: enpa-sa-00020
 
> Versions affected: 0.8.5 up to and including 0.10.11
 
> Severity: High


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC