Ethereal fails to properly decode ISDN User Part (ISUP) packets containing an overly long Interworking Function Address (IWFA) value.
Ethereal is a network traffic analysis package. It includes the ability to decode packets containing ISUP data. There is a vulnerability in the way the ISUP protocol dissector decodes the IWFA value. By sending an ISUP packet containing an overly long IWFA value, a remote, unauthenticated attacker could execute arbitrary code.
A remote, unauthenticated attacker could execute arbitrary code on the vulnerable system.
Upgrade to version 0.10.3 or later.
Ethereal credits Stefan Esser for reporting this vulnerability.
|Date First Published:||2004-03-25|
|Date Last Updated:||2004-03-25 16:55 UTC|