Ethereal AIM Dissector DoS

2004-03-22T02:02:05
ID OSVDB:6132
Type osvdb
Reporter OSVDB
Modified 2004-03-22T02:02:05

Description

Vulnerability Description

Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered due to an error within the AIM protocol dissector. When AIM protocol dissector throws an assertion, it will cause Ethereal to terminate abnormally and result in loss of availability.

Solution Description

Upgrade to version 0.10.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered due to an error within the AIM protocol dissector. When AIM protocol dissector throws an assertion, it will cause Ethereal to terminate abnormally and result in loss of availability.

References:

Vendor Specific Solution URL: http://www.ethereal.com/download.html Vendor Specific Advisory URL Secunia Advisory ID:11608 Secunia Advisory ID:11776 Related OSVDB ID: 6131 Related OSVDB ID: 6133 Related OSVDB ID: 6134 Other Advisory URL: http://www.ethereal.com/appnotes/enpa-sa-00014.html