Ethereal contains a vulnerability in the way the Infrared Data Association (IrDA) dissector plugin parses the IRCOM_PORT_NAME parameter.
Ethereal is a network traffic analysis package. It includes the ability to decode packets containing IrDA data. There is a vulnerability in the way the IrDA dissector plugin decodes the IRCOM_PORT_NAME parameter. By sending an IrDA packet containing an overly long portname, a remote unauthenticated attacker could cause Ethereal to crash or potentially execute code of the attacker's choice.
A remote, unauthenticated attacker could cause Ethereal to crash or potentially execute code of the attacker's choice.
Upgrade to version 0.10.3 or later.
Ethereal credits Stefan Esser for reporting this vulnerability.
This document was written by Damon Morda.
|Date First Published:||2004-03-25|
|Date Last Updated:||2004-04-06 17:33 UTC|