Ethereal UCP Dissector Handle Int-Field Overflow

2001-10-08T00:00:00
ID OSVDB:6897
Type osvdb
Reporter Stefan Esser(sesser@hardened-php.net)
Modified 2001-10-08T00:00:00

Description

Vulnerability Description

A remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Integer field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.

Solution Description

Upgrade to version 0.9.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable the dissector

Short Description

A remote overflow exists in Ethereal. The UCP Dissector fails to check the boundary of the Integer field resulting in a stack overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity. This can only be exploited if the system has a MTU bigger than BUFSIZ, which may limit which platforms are susceptable.

References:

Vendor URL: http://www.ethereal.com/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11744 Related OSVDB ID: 6888 Related OSVDB ID: 6893 Related OSVDB ID: 4490 Related OSVDB ID: 6887 Related OSVDB ID: 6889 Related OSVDB ID: 6896 Related OSVDB ID: 6894 Related OSVDB ID: 6895 Related OSVDB ID: 6898 Related OSVDB ID: 6890 Related OSVDB ID: 6891 Related OSVDB ID: 6892 RedHat RHSA: RHSA-2004:136-09 RedHat RHSA: RHSA-2004:137-07 Other Advisory URL: http://security.e-matters.de/advisories/032004.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0227.html ISS X-Force ID: 15569 CVE-2004-0176