SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Wireshark Vendors:   Wireshark.org
Ethereal SNMP Processing Bug Lets Remote Users Crash the Network Sniffer
SecurityTracker Alert ID:  1003653
SecurityTracker URL:  http://securitytracker.com/id/1003653
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 25 2002
Impact:   Denial of service via network
Exploit Included:  Yes  

Description:   A denial of service vulnerability has been reported in the Ethereal network sniffing software. A remote user can cause the application to crash.

SecurityFocus has reported a denial of service vulnerability and a potential buffer overflow vulnerability in the Ethereal packet sniffer.

According to the report, a remote user can created a specific malformed SNMP packet that will cause Ethereal to crash when it reads the packet. The report also indicates that this behavior may be due to a buffer overflow that may potentially be exploitable (however, that has not been confirmed).

This vulnerability can reporteldy be triggered using the Protos SNMP test "set-req-ber-l-length" in the category of "Invalid BER length (L) fields."

This information is based on a Feb 19 2002 message from Information Security <informationsecurity@federatedinv.com>.

Impact:   A remote user can cause the Ethereal sniffer to crash. A remote user may be able to execute arbitrary code on the sniffer (however, that has not been confirmed).
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ethereal.com (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Current Version is Not Vulnerable) Re: Ethereal SNMP Processing Bug Lets Remote Users Crash the Network Sniffer
The current version is reported to be not vulnerable.
(Conectiva Issues Fix) Re: Ethereal SNMP Processing Bug Lets Remote Users Crash the Network Sniffer
Conectiva has issued a fix.



 Source Message Contents

Subject:  Ethereal Malformed SNMP Denial of Service Vulnerability


SecurityFocus has reported a denial of service vulnerability and a
potential buffer overflow vulnerability in the Ethereal packet sniffer.

According to the report, "It is reported to crash when it receives
(i.e., intercepts) a specific malformed SNMP packet. This is at the
least a denial of service, but may also be an exploitable buffer
overflow issue."

This apparently occurs when using the Protos SNMP test
"set-req-ber-l-length" in the category of "Invalid BER length (L)
fields".

This information is based on a Feb 19 2002 message from Information
Security <informationsecurity@federatedinv.com

Vendor URL:  http://www.ethereal.com/


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC