Ethereal OSI Dissector Overflow

2003-06-11T16:55:21
ID OSVDB:4478
Type osvdb
Reporter Timo Sirainen
Modified 2003-06-11T16:55:21

Description

Vulnerability Description

A remote overflow exists in Ethereal. The OSI dissector fails to properly check bounds on the prefix length of IPv4 or IPv6 packets, resulting in a buffer overflow. With a specially crafted packet, an attacker can potentially execute arbitrary code resulting in a loss of integrity and/or availability.
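
The kind of bounds check described above as missing, as an added example (this is not Ethereal's code and is not part of the original advisory). The name decode_prefix, its parameters, the try_ipv4/try_ipv6 wrappers and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Ethereal's code. Copies a prefix of prefix_bits
 * bits from captured packet data into a fixed-size address buffer.
 * max_bits is 32 for IPv4 and 128 for IPv6.
 * Returns the number of bytes consumed, or -1 if the packet is malformed. */
int decode_prefix(const uint8_t *data, size_t remaining, unsigned prefix_bits,
                  unsigned max_bits, uint8_t *addr, size_t addr_size)
{
    size_t nbytes;

    if (prefix_bits > max_bits)      /* length field exceeds address family */
        return -1;
    nbytes = (prefix_bits + 7) / 8;  /* round bits up to whole bytes */
    if (nbytes > addr_size)          /* would write past the destination */
        return -1;
    if (nbytes > remaining)          /* would read past the captured data */
        return -1;

    memset(addr, 0, addr_size);
    memcpy(addr, data, nbytes);
    if (prefix_bits % 8 != 0)        /* clear bits beyond the prefix */
        addr[nbytes - 1] &= (uint8_t)(0xFF << (8 - prefix_bits % 8));
    return (int)nbytes;
}

/* Constructed sample bytes standing in for the address part of a packet. */
static const uint8_t sample[16] = { 0xC0, 0xA8, 0x1F, 0xFF, 0x20, 0x01 };

int try_ipv4(unsigned bits, size_t remaining)
{
    uint8_t addr[4];
    return decode_prefix(sample, remaining, bits, 32, addr, sizeof addr);
}
int try_ipv6(unsigned bits, size_t remaining)
{
    uint8_t addr[16];
    return decode_prefix(sample, remaining, bits, 128, addr, sizeof addr);
}

int main(void)
{
    printf("/24 ok: %d, /200 rejected: %d, truncated: %d\n",
           try_ipv4(24, 4), try_ipv4(200, 16), try_ipv4(32, 2));
    return 0;
}
```

The length field is validated three ways before any copy: against the address family, against the destination buffer, and against the bytes actually captured.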

Solution Description

Upgrade to version 0.9.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Security Tracker: 1006974
Secunia Advisory ID: 9007
Related OSVDB ID: 4479
Related OSVDB ID: 2177
Related OSVDB ID: 4477
Related OSVDB ID: 4480
RedHat RHSA: RHSA-2003:203-05
ISS X-Force ID: 12317
CVE-2003-0429
Bugtraq ID: 7880