Ethereal SPNEGO Dissector DoS

2003-06-11T00:00:00
ID OSVDB:2177
Type osvdb
Reporter Timo Sirainen
Modified 2003-06-11T00:00:00

Description

Vulnerability Description

Ethereal contains a flaw that may allow a remote denial of service. The issue can be triggered when the SPNEGO dissector is used and an invalid ASN.1 value is parsed, and will result in loss of availability for the service.

Solution Description

Upgrade to version 0.9.13 or higher, as it has been reported to fix this vulnerability. As a workaround, it is also possible to disable the SPNEGO protocol dissector by selecting Analyze->Enabled Protocols... and deselecting the SPNEGO-KRB5 protocol from the list.

References:

Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1006974
Secunia Advisory ID: 9007
Related OSVDB ID: 4479
Related OSVDB ID: 4477
Related OSVDB ID: 4478
Related OSVDB ID: 4480
ISS X-Force ID: 12318
CVE-2003-0430
Bugtraq ID: 7879