Ethereal

enpa-sa-00009

Summary

Name: Off-by-one and integer overflows in Ethereal 0.9.11

Docid: enpa-sa-00009

Date: May 1, 2003

Versions affected: 0.8.13 to 0.9.11

Severity: High

Details

Description:

It has been discovered that several dissectors were using tvb_get_nstringz() and tvb_get_nstringz0() in an unsafe manner.

In versions 0.9.11 and earlier it is possible to overflow memory buffers by one byte in the AIM, GIOP, Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors. The Mount and PPP dissectors are susceptible to integer overflows. These problems were discovered by Timo Sirainen.
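
The following is an added illustration of the one-byte overflow class described above; it is not Ethereal's code. It assumes the unsafe pattern is a caller passing the full size of its buffer as the maximum length to a helper that then appends the terminating NUL. The helper names, the 16-byte field and the guard byte are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded string helper (not Ethereal's code). Copies at most
 * maxlen bytes, then terminates. With no NUL in the first maxlen bytes the
 * terminator lands at dst[maxlen], so dst must hold maxlen + 1 bytes. */
static size_t copy_stringz_unsafe(const unsigned char *src, size_t srclen,
                                  size_t maxlen, char *dst)
{
    size_t i, limit = srclen < maxlen ? srclen : maxlen;
    for (i = 0; i < limit && src[i] != '\0'; i++)
        dst[i] = (char)src[i];
    dst[i] = '\0';              /* i may equal maxlen: one byte too far */
    return i;
}

/* Hardened form: bufsize is the whole of dst, terminator included. */
static size_t copy_stringz_safe(const unsigned char *src, size_t srclen,
                                size_t bufsize, char *dst)
{
    size_t i, limit;
    if (bufsize == 0) return 0;
    limit = srclen < bufsize - 1 ? srclen : bufsize - 1;
    for (i = 0; i < limit && src[i] != '\0'; i++)
        dst[i] = (char)src[i];
    dst[i] = '\0';              /* i <= bufsize - 1: always in bounds */
    return i;
}

/* Feeds a constructed 16-byte field with no NUL to one helper and reports
 * whether the guard byte just past the 16-byte buffer survived. The backing
 * array is 17 bytes, so the demonstration itself never leaves its storage. */
static int canary_intact(int use_safe)
{
    unsigned char packet[16];   /* constructed sample input */
    char backing[17];           /* 16-byte buffer + 1 guard byte */
    memset(packet, 'A', sizeof packet);
    memset(backing, 0, sizeof backing);
    backing[16] = 0x5A;
    if (use_safe) copy_stringz_safe(packet, sizeof packet, 16, backing);
    else          copy_stringz_unsafe(packet, sizeof packet, 16, backing);
    return backing[16] == 0x5A;
}

int main(void)
{
    printf("unsafe: guard intact=%d\n", canary_intact(0));
    printf("safe:   guard intact=%d\n", canary_intact(1));
    return 0;
}
```

The unsafe helper only misbehaves when the field fills the buffer without a terminator, which is why this class of bug survives testing on well-formed traffic.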

All users of Ethereal 0.9.11 and earlier are encouraged to upgrade.

In order to determine which version of Ethereal you have installed, do one of the following:

Either action will display the application version along with the libraries that Ethereal and Tethereal are linked with. If version "0.9.11" or prior is displayed, the application is susceptible.

Impact:

It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file.

Resolution:

Upgrade to 0.9.12.