Vulnerability Note VU#433596

Ethereal integer underflow when parsing malformed PGM packets with NAK lists

Overview

Ethereal fails to properly parse Pragmatic General Multicast (PGM) packets containing a crafted negative acknowledgement (NAK) list.

I. Description

Ethereal is a network traffic analysis package. It includes the ability to decode packets containing PGM data. There is a vulnerability in the way the PGM protocol dissector parses PGM data containing a crafted NAK list.

According to the e-matters Security Advisory:
II. Impact

A remote, unauthenticated attacker could cause Ethereal to crash or possibly execute arbitrary code on the vulnerable system.

III. Solution

Upgrade

Upgrade to version 0.10.3 or later.
2) Deselect the PGM protocol dissector from the list (for Ethereal versions 0.10.x)
2) Disable the PGM protocol dissector from the list by unchecking its "Status" checkbox

Systems Affected
References
Ethereal credits Stefan Esser for reporting this vulnerability. This document was written by Damon Morda.