Ethereal RADIUS Packet DoS

2004-03-22T00:00:00
ID OSVDB:4463
Type osvdb
Reporter Jonathan Heusser (jonny@drugphish.ch)
Modified 2004-03-22T00:00:00

Description

Vulnerability Description

Ethereal contains a flaw that may allow a remote denial of service. The issue lies in the 'dissect_attribute_value_pairs' function in packet-radius.c. A remote attacker can send a specially crafted RADIUS packet that triggers a NULL dereference, resulting in loss of availability for the application.

Solution Description

Upgrade to version 0.10.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://www.ethereal.com/
Vendor Specific Advisory URL
Secunia Advisory ID: 11185
Related OSVDB ID: 4464
Related OSVDB ID: 4462
Other Advisory URL: http://www.ethereal.com/appnotes/enpa-sa-00013.html
Mail List Post: http://marc.theaimsgroup.com/?l=ethereal-dev&m=107962966700423&w=2
Keyword: enpa-sa-00013
ISS X-Force ID: 15571
CVE-2004-0365
CIAC Advisory: o-105
CERT VU: 124454