Vulnerability Note VU#740188

Ethereal IrDA dissector plugin fails to properly parse IRCOM_PORT_NAME parameter

Overview

Ethereal contains a vulnerability in the way the Infrared Data Association (IrDA) dissector plugin parses the IRCOM_PORT_NAME parameter.

I. Description

Ethereal is a network traffic analysis package. It includes the ability to decode packets containing IrDA data. There is a vulnerability in the way the IrDA dissector plugin decodes the IRCOM_PORT_NAME parameter. By sending an IrDA packet containing an overly long portname, a remote unauthenticated attacker could cause Ethereal to crash or potentially execute code of the attacker's choice.

II. Impact

A remote, unauthenticated attacker could cause Ethereal to crash or potentially execute code of the attacker's choice.

III. Solution

Upgrade

Upgrade to version 0.10.3 or later.

Note: Ethereal is considered BETA software at this time.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Ethereal	Vulnerable	25-Mar-2004

References

http://security.e-matters.de/advisories/032004.html
http://www.ethereal.com/appnotes/enpa-sa-00013.html
http://secunia.com/advisories/11185/
http://www.irda.org/

Credit

Ethereal credits Stefan Esser for reporting this vulnerability.

This document was written by Damon Morda.

Other Information

Date Public:	2004-03-22
Date First Published:	2004-03-25
Date Last Updated:	2004-04-06
CERT Advisory:
CVE-ID(s):	CAN-2004-0176
NVD-ID(s):	CAN-2004-0176
US-CERT Technical Alerts:
Metric:	4.04
Document Revision:	11

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader