
Debian 3.0 DSA 324-1 Critical Ethereal Memory Overflow Risk

Debian, June 18, 2003

Update to fix weaknesses in Ethereal's security on Debian reveals possible remote exploit threats associated with string handling errors.

Summary

Several of the packet dissectors in ethereal contain string handling
bugs which could be exploited using a maliciously crafted packet to
cause ethereal to consume excessive amounts of memory, crash, or
execute arbitrary code.

These vulnerabilities were announced in the following Ethereal security
advisory:



Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the
problems described in the advisory, including:

* The DCERPC dissector could try to allocate too much memory
while trying to decode an NDR string.
* Bad IPv4 or IPv6 prefix lengths could cause an overflow in the
OSI dissector.
* The tvb_get_nstringz0() routine incorrectly handled a
zero-length buffer size.
* The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, and ISIS
dissectors handled strings improperly.
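The three bug classes listed above (an untrusted length field driving an allocation, an oversized prefix length driving a copy, and a string fetch into a buffer that may be empty) share one root cause: a value taken from the packet is used before it is checked against the bytes that actually remain. The following is an added illustration, not Ethereal's or Debian's code; the function names, the wire layouts (a one-byte prefix length followed by prefix bytes; a four-byte little-endian count followed by string bytes) and the sample packets are constructed for the example. It shows the checks a dissector needs in each case.

```c
/* Added example: defensive decoding of the three input patterns named in
 * the advisory. Not Ethereal's code; layouts and names are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PREFIX_BYTES 16   /* an IPv6 address is 16 bytes */

/* Decode [prefix_len_bits][prefix bytes]. max_bits is 32 for IPv4 and
 * 128 for IPv6. Returns bytes consumed, or 0 on malformed input. The
 * bit length is bounded by the address family *before* it becomes a
 * byte count, so a bogus length cannot overrun the packet or 'out'. */
size_t decode_prefix(const uint8_t *pkt, size_t pkt_len, unsigned max_bits,
                     uint8_t out[MAX_PREFIX_BYTES], unsigned *out_bits)
{
    if (pkt_len < 1 || max_bits > MAX_PREFIX_BYTES * 8) return 0;
    unsigned bits = pkt[0];
    if (bits > max_bits) return 0;           /* e.g. 200 bits for IPv4 */
    size_t nbytes = (bits + 7) / 8;
    if (pkt_len - 1 < nbytes) return 0;      /* truncated packet */
    memset(out, 0, MAX_PREFIX_BYTES);
    memcpy(out, pkt + 1, nbytes);
    *out_bits = bits;
    return 1 + nbytes;
}

/* Decode a counted string: 4-byte little-endian length, then that many
 * bytes. The declared count is compared with the bytes remaining before
 * any allocation happens, so a huge count is rejected instead of being
 * passed to malloc. Returns a NUL-terminated heap copy (caller frees)
 * and sets *consumed, or NULL on malformed input. */
char *decode_counted_string(const uint8_t *pkt, size_t pkt_len,
                            size_t offset, size_t *consumed)
{
    if (offset > pkt_len || pkt_len - offset < 4) return NULL;
    uint32_t count = (uint32_t)pkt[offset] | ((uint32_t)pkt[offset + 1] << 8) |
                     ((uint32_t)pkt[offset + 2] << 16) | ((uint32_t)pkt[offset + 3] << 24);
    size_t remaining = pkt_len - offset - 4;
    if (count > remaining) return NULL;      /* length field not plausible */
    char *s = malloc((size_t)count + 1);
    if (!s) return NULL;
    memcpy(s, pkt + offset + 4, count);
    s[count] = '\0';
    *consumed = 4 + (size_t)count;
    return s;
}

/* Copy a NUL-terminated string from pkt[offset..] into buf[bufsize].
 * Returns bytes consumed including the NUL, or -1 if no NUL is found
 * within the packet or within the buffer. A zero-length buffer is
 * handled explicitly: nothing is written, rather than placing a
 * terminator at buf[-1] or one byte past the end. */
int get_nstringz(const uint8_t *pkt, size_t pkt_len, size_t offset,
                 char *buf, size_t bufsize)
{
    if (bufsize == 0 || offset >= pkt_len) return -1;
    size_t i = 0;
    while (offset + i < pkt_len && i < bufsize) {
        buf[i] = (char)pkt[offset + i];
        if (pkt[offset + i] == 0) return (int)(i + 1);
        i++;
    }
    buf[bufsize - 1] = '\0';                 /* truncated: terminate anyway */
    return -1;
}
```

Each function reports malformed input to the caller instead of trusting the field; a dissector built this way marks the packet as malformed and moves on, which is the behaviour the advisory's fixes restore.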

The following problems do NOT affect this version:

* The SPNEGO dissector could segfault while parsing an invalid
ASN.1 value.
* The RMI dissector handled strings improperly.

as these modul...


Severity: critical

Package: ethereal
