Vulnerability Note VU#232164

Ethereal contains integer overflow in Mount dissector

Overview

Ethereal is a network traffic analysis package. The mount packet dissector contains a vulnerability that may result in the execution of arbitrary code.

I. Description

The mount packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory, tvb_get_nstringz() and tvb_get_nstringz0() were used in an unsafe manner.

Versions 0.9.11 and earlier of Ethereal are affected.
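
The note does not reproduce the affected code, so the following is an added illustration of the bug class, not Ethereal's source. It assumes a Mount path arrives as an XDR string (4-byte big-endian length, then the bytes); copy_nstringz, naive_bufsize and read_xdr_string are hypothetical names, and the packets are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded fetch (not Ethereal's tvb_get_nstringz0): copies at
 * most bufsize-1 bytes from pkt[off..] into buf and NUL-terminates.
 * Returns bytes copied, or -1 when the request is unsafe. */
static long copy_nstringz(const uint8_t *pkt, size_t pkt_len, size_t off,
                          size_t bufsize, uint8_t *buf)
{
    if (bufsize == 0 || off > pkt_len)  /* bufsize-1 would wrap to SIZE_MAX */
        return -1;
    size_t avail = pkt_len - off;
    size_t n = (bufsize - 1 < avail) ? bufsize - 1 : avail;
    memcpy(buf, pkt + off, n);
    buf[n] = '\0';
    return (long)n;
}

/* Defect pattern: "length + 1" in 32-bit arithmetic; 0xFFFFFFFF wraps to 0. */
static uint32_t naive_bufsize(uint32_t wire_len) { return wire_len + 1u; }

/* Hardened read of an XDR string (4-byte big-endian length, then bytes):
 * the length is checked against the packet and the destination before any
 * arithmetic is done on it. */
static long read_xdr_string(const uint8_t *pkt, size_t pkt_len,
                            uint8_t *out, size_t out_sz)
{
    if (pkt_len < 4 || out_sz == 0)
        return -1;
    uint32_t wire_len = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
                        ((uint32_t)pkt[2] << 8) | (uint32_t)pkt[3];
    if (wire_len > pkt_len - 4 || wire_len >= out_sz)
        return -1;                      /* truncated packet or too long */
    return copy_nstringz(pkt, pkt_len, 4, (size_t)wire_len + 1, out);
}

int main(void)
{
    /* Constructed sample packets, not captured traffic. */
    const uint8_t ok[]  = {0, 0, 0, 4, '/', 'e', 'x', 'p'};
    const uint8_t bad[] = {0xff, 0xff, 0xff, 0xff, '/'};
    uint8_t path[16];
    printf("naive size for 0xFFFFFFFF: %u\n", (unsigned)naive_bufsize(0xFFFFFFFFu));
    printf("ok: %ld  bad: %ld\n", read_xdr_string(ok, sizeof ok, path, sizeof path),
           read_xdr_string(bad, sizeof bad, path, sizeof path));
    return 0;
}
```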

II. Impact

It may be possible for a remote attacker to crash the program or run arbitrary code on the system via a crafted packet.

III. Solution

Upgrade to version 0.9.12, which resolves this issue.

Systems Affected

Vendor    Status      Date Notified    Date Updated
Ethereal  Vulnerable  12-May-2003

References

http://www.ethereal.com/appnotes/enpa-sa-00009.html

Credit

Thanks to Timo Sirainen for reporting this vulnerability.

This document was written by Jason A Rafail and is based upon information in the Ethereal Advisory.

Other Information

Date Public: 2003-05-01
Date First Published: 2003-05-12
Date Last Updated: 2003-05-12
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Severity Metric: 6.95
Document Revision: 3

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2003 Carnegie Mellon University