Ethereal SIP Dissector DoS

2004-03-22T02:02:05
ID OSVDB:6131
Type osvdb
Reporter Martin Regner()
Modified 2004-03-22T02:02:05

Description

Vulnerability Description

Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered due to an error within the handling of SIP (Session Initiation Protocol) packets, and will result in loss of availability for the application.

Solution Description

Upgrade to version 0.10.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered due to an error within the handling of SIP (Session Initiation Protocol) packets, and will result in loss of availability for the application.

References:

Vendor URL: http://www.ethereal.com/download.html Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11608 Secunia Advisory ID:11776 Related OSVDB ID: 6133 Related OSVDB ID: 6134 Related OSVDB ID: 6132 Other Advisory URL: http://www.ethereal.com/appnotes/enpa-sa-00014.html Keyword: enpa-sa-00014