Ethereal: security problems in ethereal 0.9.15

Security Team Contact Address

Updated November 22, 2003

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200311-05 / Ethereal
Release Date	November 22, 2003
Latest Revision	November 22, 2003: 01
Impact	normal
Exploitable	remote

Package	Vulnerable versions	Unaffected versions	Architecture(s)
net-analyzer/ethereal	< 0.9.16	>= 0.9.16	All supported architectures

Related bugreports: #32691

Synopsis

Ethereal is vulnerable to heap and buffer overflows in the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors.

2. Impact Information

Background

Ethereal is a popular network protocol analyzer.

Description

Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS protocol dissector, which could cause Ethereal to crash or to execute arbitrary code.

Impact

A remote attacker could craft a malformed packet which would cause Ethereal to crash or run arbitrary code with the permissions of the user running Ethereal.

3. Resolution Information

Workaround

There is no known workaround at this time, other than to disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors.

Resolution

It is recommended that all Gentoo Linux users who are running net-analyzer/ethereal 0.9.x upgrade:

Code Listing 3.1: Resolution

# emerge sync
# emerge -pv '>=net-analyzer/ethereal-0.9.16'
# emerge '>=net-analyzer/ethereal-0.9.16'
# emerge clean

4. References

Ethereal Security Advisory