Name: Multiple security problems in Ethereal 0.10.2

Docid: enpa-sa-00013

Date: March 22, 2004

Versions affected: 0.8.13 up to and including 0.10.2

Severity: High

Description:

Serious issues have been discovered in the following protocol dissectors:

• Stefan Esser discovered thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP. (CAN-2004-0176)
• A zero-length Presentation protocol selector could make Ethereal crash. (CAN-2004-0367)
• Jonathan Heussser discovered that a carefully-crafted RADIUS packet could cause a crash. (CAN-2004-0365)
• A corrupt color filter file could cause a segmentation fault.

Impact:

It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file.

Resolution:

Upgrade to 0.10.3.

If you are running a version prior to 0.10.3 and you cannot upgrade, you can disable all of the protocol dissectors listed above by selecting Edit->Protocols... and deselecting them from the list. However, it is strongly recommended that you upgrade to 0.10.3.