Ethereal SIP Message DoS

2004-05-13T00:00:00
ID OSVDB:6936
Type osvdb
Reporter OSVDB
Modified 2004-05-13T00:00:00

Description

Vulnerability Description

Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered when one of three conditions occurs, and will result in loss of availability for the service.

Technical Description

Three conditions to trigger issue:

1) When the SIP packet is sent over TCP
2) When the SIP packet is sent over UDP but neither to nor from the default port 5060, and not to or from a port defined as "Decode As../SIP"
3) When the preference setting for the UDP dissector is set to dissect by heuristics first

Solution Description

Upgrade to version 0.10.4 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the SIP protocol dissector by selecting Analyze->Enabled Protocols... and deselecting SIP from the list.

Short Description

Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered when one of three conditions occurs, and will result in loss of availability for the service.

References:

Vendor URL: http://www.ethereal.com/
Vendor Specific Advisory URL
Security Tracker: 1010158
Secunia Advisory ID: 11836
Secunia Advisory ID: 13345
Related OSVDB ID: 6938
Related OSVDB ID: 6937
Related OSVDB ID: 6939
RedHat RHSA: RHSA-2004:234-06
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200406-01.xml
Other Advisory URL: http://www.suse.de/de/security/2004_02_sr.html
Mail List Post: http://www.ethereal.com/lists/ethereal-users/200405/msg00018.html
Mail List Post: http://www.ethereal.com/lists/ethereal-users/200404/msg00119.html
ISS X-Force ID: 16148
Generic Exploit URL: http://www.ethereal.com/lists/ethereal-users/200404/msg00119.html
CVE-2004-0504
CIAC Advisory: o-150
Bugtraq ID: 10347