Ethereal is a network traffic analysis package. The PPP packet dissector contains a vulnerability that may result in the execution of arbitrary code.
The PPP packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory, tvb_get_nstringz() and tvb_get_nstringz0() were used in an unsafe manner.
Versions 0.9.11 and earlier of Ethereal are affected.
It may be possible for a remote attacker to crash the program or run arbitrary code on the system via a crafted packet.
Upgrade to version 0.9.12, which resolves this issue.
Thanks to Timo Sirainen for reporting this vulnerability.
This document was written by Jason A Rafail and is based upon information in the Ethereal Advisory.
Date First Published: 2003-05-12
Date Last Updated: 2003-05-12 18:37 UTC