Potential Insecurities with Ethereal

Discussion in 'other security issues & news' started by FanJ, Jun 6, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest


    -begin quote-


    Several insecurities have been found in Ethereal; these insecurities would allow a remote attacker to cause anything from a denial of service attack to a buffer overflow, causing the execution of arbitrary code.

    Vulnerable systems:
    * Ethereal version 0.9.3

    Immune systems:
    * Ethereal version 0.9.4

    Four potential security issues have been discovered in Ethereal 0.9.3:
    * The SMB dissector could potentially dereference a NULL pointer in two cases.
    * The X11 dissector could potentially overflow a buffer while parsing keysyms.
    * The DNS dissector could go into an infinite loop while reading a malformed packet.
    * The GIOP dissector could potentially allocate large amounts of memory.

    Currently no known exploits exist "in the wild" for any of these issues. Versions prior to 0.9.3 are also subject to these bugs. In order to determine which version of Ethereal you have installed, do one of the following:
    Load Ethereal and go to the Help->About Ethereal... menu item.

    From the command line run
    ethereal -v
    tethereal -v
    (the "v" is lowercase).

    Either action will display the application version along with the libraries that Ethereal and Tethereal are linked with. If version "0.9.3" or prior is displayed, the application is susceptible.

    It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.

    Upgrade to 0.9.4.

    If you are running a version prior to 0.9.4, you can disable the dissectors for each of these protocols by selecting Edit->Protocols... and deselecting them from the list.

    Additional information
    The information has been provided by Jonas Eriksson.

    -end quote-
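
The version check described in the quoted advisory, scripted for use across several hosts. This is an added example, not part of the original thread or of the Ethereal project. It assumes the first dotted number in the `-v` output is the application version; the exact banner wording is not relied on.

```shell
#!/bin/sh
# Added example: classify an Ethereal/Tethereal build against the advisory.
# Assumption: the first dotted number printed by `ethereal -v` is the
# application version; library versions, if any, come after it.

FIXED_VERSION="0.9.4"   # first immune release according to the advisory

# Print the first dotted version number found in the text passed as $1.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Return 0 if version $1 is strictly older than version $2.
# Fields are compared numerically, so 0.10.0 is newer than 0.9.4.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t . -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Print "vulnerable <ver>", "ok <ver>" or "unknown" for a -v banner in $1.
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable $v"
    else
        echo "ok $v"
    fi
}

# Check whichever of the two binaries is installed on this host.
for bin in ethereal tethereal; do
    if command -v "$bin" >/dev/null 2>&1; then
        echo "$bin: $(classify "$("$bin" -v 2>&1)")"
    fi
done
```

A result of `unknown` means no version number was found in the output and the build should be checked by hand through Help->About Ethereal.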


    UNICRON Technical Expert

    Feb 14, 2002
    Nanaimo BC Canada
    Thanks for the tip, I was using an old version of Ethereal and WinPcap.