Ethereal fails to properly parse Pragmatic General Multicast (PGM) packets containing a crafted negative acknowledgement (NAK) list.
Ethereal is a network traffic analysis package. It includes the ability to decode packets containing PGM data. There is a vulnerability in the way the PGM protocol dissector parses PGM data containing a crafted NAK list.
According to the e-matters Security Advisory:
A remote, unauthenticated attacker could cause Ethereal to crash or possibly execute arbitrary code on the vulnerable system.
Upgrade to version 0.10.3 or later.
Ethereal credits Stefan Esser for reporting this vulnerability.
|Date First Published:||2004-03-24|
|Date Last Updated:||2004-03-25 15:34 UTC|