Ethereal fails to properly parse Pragmatic General Multicast (PGM) packets containing a crafted negative acknowledgement (NAK) list.
Ethereal is a network traffic analysis package. It includes the ability to decode packets containing PGM data. There is a vulnerability in the way the PGM protocol dissector parses PGM data containing a crafted NAK list.
According to the e-matters Security Advisory:
A remote, unauthenticated attacker could cause Ethereal to crash or possibly execute arbitrary code on the vulnerable system.
Upgrade to version 0.10.3 or later.
Ethereal credits Stefan Esser for reporting this vulnerability.
This document was written by Damon Morda.
Date First Published: 2004-03-24
Date Last Updated: 2004-03-25 15:34 UTC