Ethereal 802.3 Dissector Infinite Loop DoS

2005-07-26T05:38:03
ID OSVDB:18364
Type osvdb
Reporter OSVDB
Modified 2005-07-26T05:38:03

Description

Vulnerability Description

Ethereal contains an unspecified flaw that may allow a remote denial of service. The issue is related to the 802.3 dissector, which could go into an infinite loop and result in loss of availability for the application.

Technical Description

This issue was discovered by the vendor's testing program. Whether an attacker could exploit the flaw is unknown.

Solution Description

Upgrade to version 0.10.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Security Tracker: 1014583
Secunia Advisory ID: 16249
Secunia Advisory ID: 16644
Secunia Advisory ID: 16743
Secunia Advisory ID: 16276
Secunia Advisory ID: 16399
Secunia Advisory ID: 17102
Secunia Advisory ID: 16225
Secunia Advisory ID: 16535
RedHat RHSA: RHSA-2005:687
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200507-27.xml
Other Advisory URL: http://www.debian.org/security/2005/dsa-853
Other Advisory URL: http://www.novell.com/linux/security/advisories/2005_19_sr.html
Keyword: enpa-sa-00020
ISS X-Force ID: 21569
CVE-2005-2363
Bugtraq ID: 14399