SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Wireshark Vendors:   Wireshark.org
Ethereal Buffer Overflows in GTP, ISAKMP, MEGACO, and SOCKS Dissectors Permit Remote Code Execution
SecurityTracker Alert ID:  1008076
SecurityTracker URL:  http://securitytracker.com/id/1008076
CVE Reference:   CVE-2003-0925, CVE-2003-0926, CVE-2003-0927   (Links to External Site)
Updated:  Dec 1 2003
Original Entry Date:  Nov 3 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.15
Description:   Vulnerabilities were reported in Ethereral in the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors. A remote user can execute arbitrary code.

It is reported that a remote user can send a specially crafted packet via a network segment that is monitored by Ethereal to execute arbitrary code on the target system. Alternately, a user can create a specially crafted packet trace file that, when loaded by a target user, will cause Ethereal to execute arbitrary code.

The report indicates that an improperly formatted GTP MSISDN string can trigger a buffer overflow. Also, a heap overflow reportedly exists in the SOCKS dissector. Finally, a malformed ISAKMP or MEGACO packet can cause Ethereal (or Tethereal) to crash.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has released a fixed version (0.9.16), available at:

http://www.ethereal.com/download.html

For users that cannot upgrade, the vendor notes that you can disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors by selecting Edit->Protocols... and deselecting them from the list.

Vendor URL:  www.ethereal.com/appnotes/enpa-sa-00011.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 10 2003 (Red Hat Issues Fix) Ethereal Buffer Overflows in GTP, ISAKMP, MEGACO, and SOCKS Dissectors Permit Remote Code Execution
Red Hat has released a fix.
Nov 13 2003 (Red Hat Issues Fix for Enterprise Linux) Ethereal Buffer Overflows in GTP, ISAKMP, MEGACO, and SOCKS Dissectors Permit Remote Code Execution
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Nov 26 2003 (Gentoo Issues Fix) Ethereal Buffer Overflows in GTP, ISAKMP, MEGACO, and SOCKS Dissectors Permit Remote Code Execution
Gentoo has released a fix.
Nov 28 2003 (Turbolinux Issues Fix) Re: Ethereal Buffer Overflows in GTP, ISAKMP, MEGACO, and SOCKS Dissectors Permit Remote Code Execution
Turbolinux has issued a fix.
Dec 10 2003 (Mandrake Issues Fix) Ethereal Buffer Overflows in GTP, ISAKMP, MEGACO, and SOCKS Dissectors Permit Remote Code Execution
Mandrake has issued a fix.
Jan 5 2004 (Debian Issues Fix) Ethereal Buffer Overflows in GTP, ISAKMP, MEGACO, and SOCKS Dissectors Permit Remote Code Execution
Debian has released a fix.



 Source Message Contents

Subject:  http://www.ethereal.com/appnotes/enpa-sa-00011.html


http://www.ethereal.com/appnotes/enpa-sa-00011.html

 > Docid: enpa-sa-00011
 >
 > Date: November 3, 2003
 >
 > Severity: High

Several security vulnerabilities were reported in Ethereal 0.9.15.

 >
 >     * An improperly formatted GTP MSISDN string could cause a buffer overflow.
 >     * A malformed ISAKMP or MEGACO packet could make Ethereal or Tethereal crash.
 >     * The SOCKS dissector was susceptible to a heap overlfow.


A remote user can reportedly cause Ethereal to crash or execute arbitrary code.

The vendor has released a fixed version (0.9.16), available at:

http://www.ethereal.com/download.html

For users that cannot upgrade, the vendor notes that you can disable the GTP, ISAKMP, 
MEGACO, and SOCKS protocol dissectors by selecting Edit->Protocols... and deselecting them 
from the list.



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC