Ethereal ANSI A Dissector Remote Format String

2005-05-04T14:02:08
ID OSVDB:16094
Type osvdb
Reporter Bryan Fulton
Modified 2005-05-04T14:02:08

Description

Vulnerability Description

A remote format string handling flaw exists in Ethereal. The ANSI A dissector fails to validate user-supplied input. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 0.10.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.ethereal.com/
Security Tracker: 1013889
Secunia Advisory ID: 15144
Secunia Advisory ID: 15280
Secunia Advisory ID: 15314
Secunia Advisory ID: 15629
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200505-03.xml
Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-427.html
Other Advisory URL: http://www.novell.com/linux/security/advisories/2005_14_sr.html
Keyword: enpa-sa-00019
ISS X-Force ID: 20448
CVE-2005-1463
Bugtraq ID: 13504