Ethereal SPNEGO Dissector DoS

2004-05-14T02:02:05
ID OSVDB:6133
Type osvdb
Reporter OSVDB
Modified 2004-05-14T02:02:05

Description

Vulnerability Description

Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered by sending malformed traffic, which causes a null pointer dereference in the SPNEGO dissector and results in loss of availability for the product.

Solution Description

Upgrade to version 0.10.4 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the SPNEGO protocol dissector.

References:

Vendor Specific Advisory URL
Security Tracker: 1010158
Secunia Advisory ID: 11608
Secunia Advisory ID: 11776
Related OSVDB ID: 6131
Related OSVDB ID: 6134
Related OSVDB ID: 6132
Other Advisory URL: http://www.ethereal.com/appnotes/enpa-sa-00014.html
ISS X-Force ID: 16151
CVE-2003-0430
Bugtraq ID: 10347