SecurityTracker.com
Category:   Application (Security)  >   Wireshark
Vendors:   Wireshark.org
Ethereal Network Sniffer Has Multiple Bugs That May Allow Remote Users to Send Packets to Execute Arbitrary Code or Cause the Sniffer to Hang or Crash
SecurityTracker Alert ID:  1004344
SecurityTracker URL:  http://securitytracker.com/id/1004344
CVE Reference:   CVE-2002-0012, CVE-2002-0013, CVE-2002-0353, CVE-2002-0401, CVE-2002-0402, CVE-2002-0403, CVE-2002-0404
Date:  May 21 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 0.9.3 and prior
Description:   Several potential vulnerabilities have been reported in the Ethereal network sniffer. A remote user could cause the sniffer to crash or possibly execute arbitrary code.

According to the vendor, there are several bugs in Ethereal that could be exploited by remote users. A remote user could send a specially crafted packet over the network that Ethereal is monitoring to trigger these vulnerabilities. These security holes can also be triggered when a local user opens a malformed packet trace file.

The bugs are reported to exist in the following components:

- SMB dissector; a remote user could trigger a NULL pointer dereference in two cases.
- X11 dissector; a remote user could trigger a buffer overflow while parsing keysyms.
- DNS dissector; a remote user could create a malformed packet to cause this module to enter an infinite loop.
- GIOP dissector; a remote user could cause this module to allocate large amounts of memory.

Impact:   A remote user could cause Ethereal to hang, crash, or execute arbitrary code.
Solution:   The vendor has released a fixed version (0.9.4), available at:

http://www.ethereal.com/download.html

Vendor URL:  www.ethereal.com/appnotes/enpa-sa-00004.html
Cause:   Boundary error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Debian Issues Fix) Ethereal Network Sniffer Has Multiple Bugs That May Allow Remote Users to Send Packets to Execute Arbitrary Code or Cause the Sniffer to Hang or Crash
Debian has released a fix.
(Red Hat Issues Fix) Ethereal Network Sniffer Has Multiple Bugs That May Allow Remote Users to Send Packets to Execute Arbitrary Code or Cause the Sniffer to Hang or Crash
Red Hat has released a fix (7.2, 7.3).
(Conectiva Issues Fix) Ethereal Network Sniffer Has Multiple Bugs That May Allow Remote Users to Send Packets to Execute Arbitrary Code or Cause the Sniffer to Hang or Crash
Conectiva has released a fix.



 Source Message Contents

Subject:  Potential issues with Ethereal 0.9.3


SUMMARY

Name: Potential issues with Ethereal 0.9.3

Docid: enpa-sa-00004

Date: May 19, 2002

Severity: High

DETAILS

Description:

Four potential security issues have been discovered in Ethereal 0.9.3:

    * The SMB dissector could potentially dereference a NULL pointer in
      two cases.

    * The X11 dissector could potentially overflow a buffer while
      parsing keysyms.

    * The DNS dissector could go into an infinite loop while reading a
      malformed packet.

    * The GIOP dissector could potentially allocate large amounts of
      memory.

No known exploits exist "in the wild" at the present time for any of
these issues.

Versions prior to 0.9.3 are also subject to these bugs. In order to
determine which version of Ethereal you have installed, do one of the
following:

    * Load Ethereal and go to the Help->About Ethereal... menu item.

    * From the command line run

          ethereal -v

      or

          tethereal -v

      (the "v" is lowercase).

Either action will display the application version along with the
libraries that Ethereal and Tethereal are linked with. If version
"0.9.3" or prior is displayed, the application is susceptible.

Impact:

It may be possible to make Ethereal crash or hang by injecting a
purposefully malformed packet onto the wire, or by convincing someone to
read a malformed packet trace file. It may be possible to make Ethereal
run arbitrary code by exploiting the buffer and pointer problems.

Resolution:

Upgrade to 0.9.4.

If you are running a version prior to 0.9.4, you can disable the
dissectors for each of these protocols by selecting Edit->Protocols...
and deselecting them from the list. 

http://www.ethereal.com/appnotes/enpa-sa-00004.html
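
The version check from the vendor's resolution steps, as an added shell example (not part of the SecurityTracker entry or the vendor advisory): it takes the first line printed by `ethereal -v` or `tethereal -v` and reports whether the release predates 0.9.4. The function names and sample banners are constructed for illustration, and the banner layout (program name followed by a dotted version) is an assumption.

```shell
#!/bin/sh
# Added example: classify an `ethereal -v` / `tethereal -v` banner against
# enpa-sa-00004 (0.9.3 and prior affected, 0.9.4 fixed).
# Assumption: the banner is "<program> <dotted version>[, build details]".

FIXED_VERSION="0.9.4"

# Print the first dotted version number found in banner line $1 (empty if none).
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,\}\).*/\1/p' |
        head -n 1
}

# Return 0 if dotted version $1 is strictly lower than $2, comparing each
# component as a number so that 0.10.0 sorts after 0.9.4.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0} y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Print a verdict for banner $1. Returns 0 = fixed, 1 = affected, 2 = unparsed.
check_banner() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN: no version number in banner"
        return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "AFFECTED: $ver (upgrade to $FIXED_VERSION or disable the SMB, X11, DNS and GIOP dissectors)"
        return 1
    fi
    echo "OK: $ver"
}

# Constructed sample banners; on a real host pass "$(ethereal -v | head -n 1)".
for banner in "ethereal 0.9.3, with GTK+ 1.2.10, with libpcap 0.7" \
              "tethereal 0.9.4" "ethereal 0.10.0a" "ethereal 0.8.20"; do
    check_banner "$banner" || true
done
```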


 
 

