Ethereal DCERPC Dissector DoS

2003-06-11T16:55:21
ID OSVDB:4477
Type osvdb
Reporter Timo Sirainen
Modified 2003-06-11T16:55:21

Description

Vulnerability Description

Ethereal contains a flaw that may allow a remote denial of service. The issue can be triggered when the DCERPC decoder attempts to parse NDR strings, and could cause Ethereal to use all available memory, resulting in a loss of availability for the service and potentially the platform.

Solution Description

Upgrade to version 0.9.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Security Tracker: 1006974
Secunia Advisory ID: 9007
Related OSVDB ID: 4479
Related OSVDB ID: 2177
Related OSVDB ID: 4478
Related OSVDB ID: 4480
RedHat RHSA: RHSA-2003:203-05
ISS X-Force ID: 12316
Generic Informational URL: http://www.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19
CVE-2003-0428
Bugtraq ID: 7878