SecurityTracker.com
Category:   Application (Generic)  >   Wireshark Vendors:   Wireshark.org
Ethereal DICOM, HTTP, and SMB Dissector Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012528
SecurityTracker URL:  http://securitytracker.com/id/1012528
CVE Reference:   CAN-2004-1139, CAN-2004-1140, CAN-2004-1141, CAN-2004-1142
Updated:  Dec 19 2004
Original Entry Date:  Dec 15 2004
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.0 through 0.10.7
Description:   Several vulnerabilities were reported in Ethereal, affecting the DICOM, HTTP, and SMB protocol dissectors. A remote user can cause the target service to crash or to execute arbitrary code.

The vendor reported an unspecified denial of service flaw in the DICOM dissector in versions 0.10.4 through 0.10.7 [CVE: CAN-2004-1139]. Matthew Bing is credited with discovering this flaw.

It is also reported that a remote user can send a packet with an invalid RTP timestamp to cause the target Ethereal process to hang and create a large temporary file [CVE: CAN-2004-1140]. The temporary file may consume all available disk space. Versions 0.9.16 through 0.10.7 are affected.

It is also reported that a remote user can cause the HTTP dissector to access previously-freed memory and crash [CVE: CAN-2004-1141]. Versions 0.10.1 through 0.10.7 are affected.

It is also reported that a remote user can send a specially crafted SMB packet to cause the target Ethereal process to hang and consume all available CPU resources [CVE: CAN-2004-1142]. Versions 0.9.0 through 0.10.7 are affected. Brian Caswell is credited with discovering this flaw.

In each of these cases, a remote user can send a specially crafted packet to or via a network monitored by Ethereal to trigger the flaws. A remote user can also create a specially crafted packet trace file that, when played by the target user, will trigger the flaws.

Impact:   A remote user can cause the target service to crash or to execute arbitrary code.
Solution:   A fixed version (0.10.8) is available at:

http://www.ethereal.com/download.html

The vendor reports that, as a workaround, you can disable the HTTP, DICOM, and SMB protocol dissectors by selecting Analyze->Enabled Protocols... and deselecting them from the list.

Vendor URL:  www.ethereal.com/appnotes/enpa-sa-00016.html
Cause:   Access control error, Exception handling error, Input validation error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)
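
The four issues above have different affected ranges, and the vendor workaround names only the HTTP, DICOM, and SMB dissectors. The following added example (not part of the advisory or of Ethereal) triages an inventory of installed versions against those ranges; the function names, host names and sample versions are constructed for illustration.

```python
import re

FIXED = (0, 10, 8)  # fixed release named in the advisory

# (id, component, first affected, last affected, named in the vendor workaround)
# Ranges and ids come from the advisory text above.
ISSUES = [
    ("CAN-2004-1139", "DICOM dissector", (0, 10, 4), (0, 10, 7), True),
    ("CAN-2004-1140", "RTP timestamp handling", (0, 9, 16), (0, 10, 7), False),
    ("CAN-2004-1141", "HTTP dissector", (0, 10, 1), (0, 10, 7), True),
    ("CAN-2004-1142", "SMB dissector", (0, 9, 0), (0, 10, 7), True),
]

def parse_version(text):
    """Return (major, minor, patch), or None if text is not an x.y.z version.
    Assumption: a trailing letter such as '0.10.0a' maps to the base version."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)[a-z]?\s*", text)
    return tuple(int(g) for g in m.groups()) if m else None

def affected_issues(version_text):
    """List the advisory's issues whose range contains this version."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"unparseable version: {version_text!r}")
    return [i for i in ISSUES if i[2] <= v <= i[3]]

def triage(inventory):
    """Map host -> applicable ids, ids the workaround does not name, action."""
    report = {}
    for host, version_text in inventory.items():
        try:
            hits = affected_issues(version_text)
        except ValueError:
            # Never report an unknown version as clean.
            report[host] = {"ids": [], "no_workaround": [], "action": "check manually"}
            continue
        report[host] = {
            "ids": [i[0] for i in hits],
            "no_workaround": [i[0] for i in hits if not i[4]],
            "action": "upgrade to " + ".".join(map(str, FIXED)) if hits else "none",
        }
    return report

# Constructed sample inventory (host names and versions are made up).
SAMPLE = {"sniffer-a": "0.10.7", "sniffer-b": "0.9.16", "sniffer-c": "0.10.8",
          "sniffer-d": "0.8.20", "sniffer-e": "0.10.x"}

if __name__ == "__main__":
    for host, row in triage(SAMPLE).items():
        print(host, row)
```

Hosts with a non-empty `no_workaround` list remain exposed to the RTP timestamp issue even after the three named dissectors are disabled, so they should be upgraded first.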

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 19 2004 (Gentoo Issues Fix) Ethereal DICOM, HTTP, and SMB Dissector Bugs Let Remote Users Execute Arbitrary Code   (Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>)
Gentoo has released a fix.
Dec 21 2004 (Debian Issues Fix) Ethereal DICOM, HTTP, and SMB Dissector Bugs Let Remote Users Execute Arbitrary Code   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
Dec 24 2004 (Mandrake Issues Fix) Ethereal DICOM, HTTP, and SMB Dissector Bugs Let Remote Users Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Jan 14 2005 (Conectiva Issues Fix) Ethereal DICOM, HTTP, and SMB Dissector Bugs Let Remote Users Execute Arbitrary Code   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.
Feb 2 2005 (Red Hat Issues Fix) Ethereal DICOM, HTTP, and SMB Dissector Bugs Let Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix.
Feb 15 2005 (Red Hat Issues Fix) Ethereal DICOM, HTTP, and SMB Dissector Bugs Let Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix.



 Source Message Contents

Date:  Wed, 15 Dec 2004 02:26:13 -0500
Subject:  http://www.ethereal.com/appnotes/enpa-sa-00016.html



> Name: Multiple problems in Ethereal versions 0.9.0 to 0.10.7

> Docid: enpa-sa-00016

> Versions affected: 0.9.0 up to and including 0.10.7

> Severity: High

Ethereal reported the following vulnerabilities [quoted]:

    * Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash.
      Versions affected: 0.10.4 - 0.10.7
      CAN: Unassigned

    * An invalid RTP timestamp could make Ethereal hang and create a large temporary 
      file, possibly filling available disk space.
      Versions affected: 0.9.16 - 0.10.7
      CAN: Unassigned

    * The HTTP dissector could access previously-freed memory, causing a crash.
      Versions affected: 0.10.1 - 0.10.7
      CAN: Unassigned

    * Brian Caswell discovered that an improperly formatted SMB packet could make 
      Ethereal hang, maximizing CPU utilization.
      Versions affected: 0.9.0 - 0.10.7
      CAN: Unassigned

A remote user can cause Ethereal to crash or to execute arbitrary code.

A fixed version (0.10.8) is available at:

http://www.ethereal.com/download.html

The vendor reports that, as a workaround, you can disable the HTTP, DICOM, and SMB 
protocol dissectors by selecting Analyze->Enabled Protocols... and deselecting them 
from the list.
 
 



Copyright 2013, SecurityGlobal.net LLC