Ethereal AFS Buffer Overflow Vulnerability
BID:1972
Info
| Bugtraq ID: | 1972 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 18 2000 12:00AM |
| Updated: | Nov 18 2000 12:00AM |
| Credit: | This vulnerability was discovered as a result of research conducted by the FreeBSD Team. It was announced to the BugTraq mailing list by JW Oh on November 18, 2000. |
| Vulnerable: | Gerald Combs Ethereal 0.8.13 |
| Not Vulnerable: | |
Discussion
Ethereal is a network auditing utility originally written by Gerald Combs. A problem exists in the Ethereal package which can allow a remote user to execute code.
The problem exists in the AFS packet parsing routine. The routine scans a string from the contents of a packet into a predefined buffer without checking whether the size of the string exceeds the buffer size. It is therefore possible to overwrite other values on the stack, including the return address, so a malicious user can execute code with a custom-crafted packet.
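The bounds check whose absence is described above, as an added example (not Ethereal's code and not part of the original advisory). The helper name `get_packet_string`, the field layout and the sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern of the kind the discussion describes (illustrative only):
 *     char name[32];
 *     sscanf((const char *)pkt + off, "%s", name);   // length set by sender
 */

/* Hypothetical helper, not Ethereal code. Copies the NUL-terminated string at
 * pkt[off] into dst without reading past pkt_len or writing past dst_size.
 * Returns bytes consumed from the packet (string + NUL), or 0 on rejection. */
size_t get_packet_string(const unsigned char *pkt, size_t pkt_len, size_t off,
                         char *dst, size_t dst_size)
{
    const unsigned char *start, *nul;
    size_t len;

    if (dst == NULL || dst_size == 0)
        return 0;
    dst[0] = '\0';                        /* caller never sees stale data */
    if (pkt == NULL || off >= pkt_len)
        return 0;                         /* field starts outside the capture */

    start = pkt + off;
    nul = memchr(start, '\0', pkt_len - off);
    if (nul == NULL)
        return 0;                         /* unterminated: truncated or hostile */
    len = (size_t)(nul - start);
    if (len >= dst_size)
        return 0;                         /* too long: reject, do not truncate */
    memcpy(dst, start, len + 1);
    return len + 1;
}

/* Constructed sample packets: 4 header bytes, then a string field. */
static const unsigned char PKT_OK[]    = { 0, 0, 0, 1, 'c', 'e', 'l', 'l', 0 };
static const unsigned char PKT_NONUL[] = { 0, 0, 0, 1, 'c', 'e', 'l', 'l' };

int main(void)
{
    char name[8];
    printf("ok=%zu ", get_packet_string(PKT_OK, sizeof PKT_OK, 4, name, sizeof name));
    printf("name=%s\n", name);
    printf("no NUL=%zu\n", get_packet_string(PKT_NONUL, sizeof PKT_NONUL, 4, name, sizeof name));
    printf("small dst=%zu\n", get_packet_string(PKT_OK, sizeof PKT_OK, 4, name, 4));
    return 0;
}
```

Both limits matter: the packet length stops reads past the captured data, and the destination size stops writes past the stack buffer.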
Exploit / POC
Exploit available:
Solution / Fix
Solution:
The following upgrade is available:
Gerald Combs Ethereal 0.8.13
- Conectiva 5.0 ethereal-0.8.14-1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/i386/ethereal-0.8.14-1cl.i386.rpm
- Conectiva 5.0 ethereal-0.8.14-1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/ethereal-0.8.14-1cl.src.rpm
- Conectiva 5.1 ethereal-0.8.14-1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/ethereal-0.8.14-1cl.i386.rpm
- Conectiva 5.1 ethereal-0.8.14-1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/ethereal-0.8.14-1cl.src.rpm
- Debian 2.2 alpha ethereal_0.8.0-2potato_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/ethereal_0.8.0-2potato_alpha.deb
- Debian 2.2 arm ethereal_0.8.0-2potato_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/ethereal_0.8.0-2potato_arm.deb
- Debian 2.2 i386 ethereal_0.8.0-2potato_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/ethereal_0.8.0-2potato_i386.deb
- Debian 2.2 ppc ethereal_0.8.0-2potato_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/ethereal_0.8.0-2potato_powerpc.deb
- Debian 2.2 sparc ethereal_0.8.0-2potato_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/ethereal_0.8.0-2potato_sparc.deb
- FreeBSD 3.5.1 i386 ethereal-0.8.14.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/ethereal-0.8.14.tgz
- FreeBSD 4.2 alpha ethereal-0.8.14.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/ethereal-0.8.14.tgz
- FreeBSD 4.2 i386 ethereal-0.8.14.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/ethereal-0.8.14.tgz
- FreeBSD 5.0 alpha ethereal-0.8.14.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/ethereal-0.8.14.tgz
- FreeBSD 5.0 i386 ethereal-0.8.14.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/ethereal-0.8.14.tgz
- Gerald Combs ethereal-0.8.14.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.8.14.tar.gz