A remote overflow exists in Ethereal. The IGAP Protocol Dissector fails to check the bounds of the "message" variable resulting in a stack overflow. With a specially crafted request, an attacker can potentially execute arbitrary code resulting in a loss of integrity.
Upgrade to version 0.10.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the dissector.
Vendor URL: http://www.ethereal.com/
Secunia Advisory ID: 11744
Related OSVDB ID: 6893, 4490, 6887, 6889, 6896, 6894, 6895, 6898, 6890, 6891, 6892, 6897
RedHat RHSA: RHSA-2004:136-09
RedHat RHSA: RHSA-2004:137-07
Other Advisory URL: http://security.e-matters.de/advisories/032004.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html
ISS X-Force ID: 15569
CVE-2004-0176