Ethereal MMSE Dissector Overflow

2004-05-14T02:02:05
ID OSVDB:6134
Type osvdb
Reporter Ethereal Group
Modified 2004-05-14T02:02:05

Description

Vulnerability Description

A remote overflow exists in Ethereal. The product fails to handle malformed packets, malformed trace files, and malformed color filter files, resulting in a buffer overflow. With a specially crafted request, an attacker can cause Ethereal to crash or run arbitrary code, resulting in a loss of integrity.

Solution Description

Upgrade to version 0.10.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.ethereal.com/
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Secunia Advisory ID: 11608
Secunia Advisory ID: 11776
Related OSVDB ID: 6131
Related OSVDB ID: 6133
Related OSVDB ID: 6132
Other Advisory URL: http://www.ciac.org/ciac/bulletins/o-150.shtml
Other Advisory URL: http://www.ethereal.com/appnotes/enpa-sa-00014.html
ISS X-Force ID: 16152
Bugtraq ID: 10347