Vulnerability Note VU#641013
Ethereal contains multiple one-byte buffer overflows in several dissectors
Ethereal is a network traffic analysis package. Several packet dissectors contain a vulnerability that may cause a denial-of-service situation.
Several packet dissectors for Ethereal contain a one-byte buffer overflow vulnerability. According to the Ethereal Advisory, tvb_get_nstringz() and tvb_get_nstringz0() were used in an unsafe manner.
Versions 0.9.11 and earlier of dissectors for AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP are affected.
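The advisory does not show the affected code. As an added illustration (not Ethereal's source; the helper names, buffer size and packet bytes are constructed, and the rule that the length limit excludes the terminator is an assumption), the C below shows how a length-bounded string copy called with the full buffer size overflows by exactly one byte, next to a form whose limit counts the terminator.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_SIZE 8      /* size of the dissector's string buffer (constructed) */
#define CANARY     0xAA   /* marks bytes the copy must never touch */
/* Constructed packet field: 12 bytes with no NUL inside the field. */
static const unsigned char LONG_FIELD[] = "AAAAAAAAAAAA";
#define LONG_FIELD_LEN 12

/* Hypothetical helper (assumed semantics): copies at most maxlength bytes and
 * THEN appends the NUL, so the destination must hold maxlength + 1 bytes. */
static size_t copy_nstringz_excl(const unsigned char *pkt, size_t pkt_len,
                                 size_t maxlength, char *dst)
{
    size_t i;
    for (i = 0; i < maxlength && i < pkt_len && pkt[i] != '\0'; i++)
        dst[i] = (char)pkt[i];
    dst[i] = '\0';        /* over-long field: terminator lands at dst[maxlength] */
    return i;
}

/* Hardened form: bufsize counts the terminator, as with snprintf(). */
static size_t copy_nstringz_incl(const unsigned char *pkt, size_t pkt_len,
                                 size_t bufsize, char *dst)
{
    if (bufsize == 0)
        return 0;         /* no room even for the terminator */
    return copy_nstringz_excl(pkt, pkt_len, bufsize - 1, dst);
}

/* Copies into an arena whose first FIELD_SIZE bytes model the buffer; the
 * extra bytes keep the demo well-defined. Returns 1 if the byte just past
 * the buffer was overwritten. Both call patterns pass FIELD_SIZE as limit. */
static int overflows_by_one(int limit_counts_nul,
                            const unsigned char *pkt, size_t pkt_len)
{
    unsigned char arena[FIELD_SIZE + 8];
    memset(arena, CANARY, sizeof arena);
    if (limit_counts_nul)
        copy_nstringz_incl(pkt, pkt_len, FIELD_SIZE, (char *)arena);
    else
        copy_nstringz_excl(pkt, pkt_len, FIELD_SIZE, (char *)arena);
    return arena[FIELD_SIZE] != CANARY;
}

int main(void)
{   /* exit status 0 when only the limit-excludes-NUL call pattern overflows */
    return !(overflows_by_one(0, LONG_FIELD, LONG_FIELD_LEN) == 1 &&
             overflows_by_one(1, LONG_FIELD, LONG_FIELD_LEN) == 0);
}
```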
It may be possible for a remote attacker to crash the program or run arbitrary code on the system via a crafted packet.
Upgrade to version 0.9.12, which resolves this issue.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Ethereal | Affected | - | 12 May 2003 |
Thanks to Timo Sirainen for reporting this vulnerability.
This document was written by Jason A Rafail and is based upon information in the Ethereal Advisory.
- CVE IDs: Unknown
- Date Public: 01 May 2003
- Date First Published: 12 May 2003
- Date Last Updated: 19 Aug 2004
- Severity Metric: 5.99
- Document Revision: 13