Ethereal DISTCC Dissection Stack Buffer Overflow Vulnerability
BID:13567
Info
Ethereal DISTCC Dissection Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 13567 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2005 12:00AM |
| Updated: | May 10 2005 12:00AM |
| Credit: | Ilja van Sprundel is credited with the discovery of this vulnerability. |
| Vulnerable: |
Ethereal Group Ethereal 0.10.9 Ethereal Group Ethereal 0.10.8 Ethereal Group Ethereal 0.10.7 Ethereal Group Ethereal 0.10.6 Ethereal Group Ethereal 0.10.5 Ethereal Group Ethereal 0.10.4 Ethereal Group Ethereal 0.10.3 Ethereal Group Ethereal 0.10.2 Ethereal Group Ethereal 0.10.1 Ethereal Group Ethereal 0.10 .10 Ethereal Group Ethereal 0.10 Ethereal Group Ethereal 0.9.16 Ethereal Group Ethereal 0.9.15 Ethereal Group Ethereal 0.9.14 Ethereal Group Ethereal 0.9.13 |
| Not Vulnerable: |
Ethereal Group Ethereal 0.10.11 |
Discussion
Ethereal DISTCC Dissection Stack Buffer Overflow Vulnerability
A remote buffer overflow vulnerability affects Ethereal. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the DISTCC protocol dissector.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
This vulnerability affects Ethereal versions 0.8.13 through to 0.10.10.
Note that this issue was originally disclosed in BID 13504.
A remote buffer overflow vulnerability affects Ethereal. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the DISTCC protocol dissector.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
This vulnerability affects Ethereal versions 0.8.13 through to 0.10.10.
Note that this issue was originally disclosed in BID 13504.
Exploit / POC
Ethereal DISTCC Dissection Stack Buffer Overflow Vulnerability
The following proof of concept is available:
# nc $SOME_SNIFFED_MACHINE 3632 | perl -e 'print "SERRffffffff" . "oxff"
x 256'
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
The following proof of concept is available:
# nc $SOME_SNIFFED_MACHINE 3632 | perl -e 'print "SERRffffffff" . "oxff"
x 256'
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Ethereal DISTCC Dissection Stack Buffer Overflow Vulnerability
Solution:
The vendor has released Ethereal version 0.10.11 to address this, and other vulnerabilities.
Mandriva has released advisory MDKSA-2005:083 to address this, and other issues in Mandrake Linux 10.1 and 10.2. Please see the referenced advisory for further information.
Ethereal Group Ethereal 0.10 .10
Ethereal Group Ethereal 0.10
Ethereal Group Ethereal 0.10.1
Ethereal Group Ethereal 0.10.2
Ethereal Group Ethereal 0.10.3
Ethereal Group Ethereal 0.10.4
Ethereal Group Ethereal 0.10.5
Ethereal Group Ethereal 0.10.6
Ethereal Group Ethereal 0.10.7
Ethereal Group Ethereal 0.10.8
Ethereal Group Ethereal 0.10.9
Ethereal Group Ethereal 0.9.13
Ethereal Group Ethereal 0.9.14
Ethereal Group Ethereal 0.9.15
Ethereal Group Ethereal 0.9.16
Solution:
The vendor has released Ethereal version 0.10.11 to address this, and other vulnerabilities.
Mandriva has released advisory MDKSA-2005:083 to address this, and other issues in Mandrake Linux 10.1 and 10.2. Please see the referenced advisory for further information.
Ethereal Group Ethereal 0.10 .10
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.1
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.2
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.3
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.4
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.5
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.6
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.7
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.8
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.9
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.13
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.14
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.15
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.16
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
References
Ethereal DISTCC Dissection Stack Buffer Overflow Vulnerability
References:
References:
- enpa-sa-00019 - Multiple problems in Ethereal versions 0.8.14 to 0.10.10 (Ethereal Group)
- Ethereal v0.9.13 to v0.10.10 DISTCC Denial of Service Exploit (Buffer Overflow) (David Jungerson ([email protected]))
- The Ethereal Network Analyzer (Ethereal Group)
- remote root security bug in ethereal 0.9.13 >= and <= 0.10.10 (suresec advisories
)