|
|
|
![]() |
Vulnerability Note VU#641013Ethereal contains multiple one-byte buffer overflows in several dissectorsOverviewEthereal is a network traffic analysis package. Several packet dissectors contain a vulnerability that may cause a denial-of-service situation.I. DescriptionSeveral packet dissectors for Ethereal contain a one-byte buffer overflow vulnerability. According to the Ethereal Advisory, tvb_get_nstringz() and tvb_get_nstringz0() were used in an unsafe manner.Versions 0.9.11 and earlier of dissectors for AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP are affected.
References
Thanks to Timo Sirainen for reporting this vulnerability. This document was written by Jason A Rafail and is based upon information in the Ethereal Advisory.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||