local privilege escalation in ethereal

ID SUSE-SA:2003:019
Type suse
Reporter Suse
Modified 2003-03-21T12:54:01


Ethereal is a GUI for analyzing and displaying network traffic. Ethereal is vulnerable to a format string bug in it's SOCKS code and to a heap buffer overflow in it's NTLMSSP code. These bugs can be abused to crash ethereal or maybe to execute arbitrary code on the machine running ethereal.