Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:8593
HistoryMay 11, 2005 - 12:00 a.m.

remote root security bug in ethereal 0.9.13 >= and <= 0.10.10

2005-05-1100:00:00
vulners.com
14
JSON

Suresec security advisory 2
9th May 2005
CVE ID: CAN-2005-1461
Remote root vulnerability in Ethereal.
About ethereal:
Ethereal is a widely used network packet capturing utility which has
support for over 700 network protocols.
Vulnerability summary:
Ethereal has a dissector for the distcc network protocol. A stack based
bufferoverflow was discovered in parsing argv, serr and sout
messages.
Vulnerable code:
static void dissect_distcc(tvbuff_t *tvb, packet_info *pinfo, proto_tree
*parent_tree)
{
char token[4];
guint32 parameter;
while(1){
tvb_memcpy(tvb, token, offset, 4);

sscanf(tvb_get_ptr(tvb, offset, 8), "%08x", &parameter);

} else if(!strncmp(token, "ARGV", 4)){
offset=dissect_distcc_argv(tvb, pinfo, tree, offset, parameter);
}

}
}
static int dissect_distcc_argv(tvbuff_t *tvb, packet_info *pinfo U,
proto_tree *tree, int offset, gint parameter)
{
char argv[256];
int argv_len;
gint len=parameter;
argv_len=len>255?255:len;
tvb_memcpy(tvb, argv, offset, argv_len);

}
When given a negative value for parameter the bounds check will be
bypassed and an overflow in memcpy occurs.
Impact:
When properly exploited this yields remote root.
Affected versions:
This vulnerability affects Ethereal version 0.9.13 up untill 0.10.10.
Suggested Recommendations:
Turn off support for distcc or update to a newer version of ethereal.
Credits:
Ilja van Sprundel found this vulnerability.
About us:
Suresec Ltd is a global service provider of Internet security solutions
and consultancy with unmatched quality from our world class
consultancy practice.
Our consultants have pioneered in the field of security research and
have closely worked with leading software companies and service
providers to mitigate risks and fix a number of critical vulnerabilities,
suresec also works closely with a number of open source companies
to provide them with a source code auditing and technical
consultancy.We have a strong team consultants spread across Europe,
the United States of America And Australia specializing in security
consulting.

Related

cve 1
ubuntucve 1
centos 2
nessus 5
openvas 4
redhat 1
gentoo 1
freebsd 1
cve
cve
CVE-2005-1461
2005-05-05 04:00:00
ubuntucve
ubuntucve
CVE-2005-1461
2005-05-05 00:00:00
centos
centos
ethereal security update
2005-05-24 23:32:13
ethereal security update
2005-05-24 20:59:07
nessus
nessus
Mandrake Linux Security Advisory : ethereal (MDKSA-2005:083)
2005-05-11 00:00:00
GLSA-200505-03 : Ethereal: Numerous vulnerabilities
2005-05-11 00:00:00
FreeBSD : ethereal -- multiple protocol dissectors vulnerabilities (76adaab0-e4e3-11d9-b875-0001020eed82)
2005-07-13 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200505-03 (Ethereal)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200505-03 (Ethereal)
2008-09-24 00:00:00
FreeBSD Ports: ethereal*, tethereal*
2008-09-04 00:00:00
redhat
redhat
(RHSA-2005:427) ethereal security update
2005-05-24 00:00:00
gentoo
gentoo
Ethereal: Numerous vulnerabilities
2005-05-06 00:00:00
freebsd
freebsd
ethereal -- multiple protocol dissectors vulnerabilities
2005-05-04 00:00:00
JSON
Related for SECURITYVULNS:DOC:8593
cve1ubuntucve1centos2nessus5openvas4redhat1gentoo1freebsd1