Author Topic: Ethereal Vulnerabilities  (Read 3250 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Ethereal Vulnerabilities
« on: May 08, 2005, 03:27:10 pm »
There are multiple vulnerabilities in Ethereal 0.10.10 (and earlier), and you should immediately upgrade to 0.10.11. 

www.ethereal.com

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Ethereal Vulnerabilities
« Reply #1 on: May 08, 2005, 03:51:56 pm »
What vulnerabilities could there be in a packet logger?
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Ethereal Vulnerabilities
« Reply #2 on: May 08, 2005, 05:11:36 pm »
It has parsers for various protocols (TCP, UDP, IPX, AIM, MSN, HTTP, FTP, and probably a hundred others).  It parses the packets when it sees them in a way that can be prettily displayed.  Many of the protocol parsers had vulnerabilities if they aren't properly formed.

Quote
#  The ANSI A dissector was susceptible to format string vulnerabilities. Discovered by Bryan Fulton. Versions affected: 0.9.15 to 0.10.10
# The GSM MAP dissector could crash. Versions affected: 0.10.0 to 0.10.10
# The AIM dissector could cause a crash. Versions affected: 0.9.14 to 0.10.10
# The DISTCC dissector was susceptible to a buffer overflow. Discovered by Ilja van Sprundel Versions affected: 0.9.13 to 0.10.10
# The FCELS dissector was susceptible to a buffer overflow. Discovered by Neil Kettle Versions affected: 0.9.9 to 0.10.10
# The SIP dissector was susceptible to a buffer overflow. Discovered by Ejovi Nuwere. Versions affected: 0.10.0 to 0.10.10
# The KINK dissector was susceptible to a null pointer exception, endless looping, and other problems. Versions affected: 0.10.10
# The LMP dissector was susceptible to an endless loop. Versions affected: 0.9.4 to 0.10.10
# The Telnet dissector could abort. Versions affected: 0.9.10 to 0.10.10
# The TZSP dissector could cause a segmentation fault. Versions affected: 0.10.10 to 0.10.10
# The WSP dissector was susceptible to a null pointer exception and assertions. Versions affected: 0.10.0 to 0.10.10
# The 802.3 Slow protocols dissector could throw an assertion. Versions affected: 0.10.10
# The BER dissector could throw assertions. Versions affected: 0.10.2 to 0.10.10
# The SMB Mailslot dissector was susceptible to a null pointer exception and could throw assertions. Versions affected: 0.9.0 to 0.10.10
# The H.245 dissector was susceptible to a null pointer exception. Versions affected: 0.10.10
# The Bittorrent dissector could cause a segmentation fault. Versions affected: 0.10.8 to 0.10.10
# The SMB dissector could cause a segmentation fault and throw assertions. Versions affected: 0.9.0 to 0.10.10
# The Fibre Channel dissector could cause a crash. Versions affected: 0.9.9 to 0.10.10
# The DICOM dissector could attempt to allocate large amounts of memory. Versions affected: 0.10.4 to 0.10.10
# The MGCP dissector was susceptible to a null pointer exception, could loop indefinitely, and segfault. Versions affected: 0.8.14 to 0.10.10
# The RSVP dissector could loop indefinitely. Versions affected: 0.9.8 to 0.10.10
# The DHCP dissector was susceptible to format string vulnerabilities, and could abort. Versions affected: 0.10.7 to 0.10.10
# The SRVLOC dissector could crash unexpectedly or go into an infinite loop. Versions affected: 0.9.8 to 0.10.10
# The EIGRP dissector could loop indefinitely. Versions affected: 0.8.18 to 0.10.10
# The ISIS dissector could overflow a buffer. Versions affected: 0.8.18 to 0.10.10
# The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified, and X.509 dissectors could overflow buffers. Versions affected: 0.10.4 to 0.10.10
# The NDPS dissector could exhaust system memory or cause an assertion, or crash. Versions affected: 0.9.12 to 0.10.10
# The Q.931 dissector could try to free a null pointer and overflow a buffer. Versions affected: 0.10.10
# The IAX2 dissector could throw an assertion. Versions affected: 0.10.1 to 0.10.10
# The ICEP dissector could try to free the same memory twice. Versions affected: 0.10.7 to 0.10.10
# The MEGACO dissector was susceptible to an infinite loop and a buffer overflow. Versions affected: 0.9.14 to 0.10.10
# The DLSw dissector was susceptible to an infinite loop. Versions affected: 0.9.1 to 0.10.10
# The RPC dissector was susceptible to a null pointer exception. Versions affected: 0.9.2 to 0.10.10
# The NCP dissector could overflow a buffer or loop for a large amount of time. Versions affected: 0.10.5 to 0.10.10
# The RADIUS dissector could throw an assertion. Versions affected: 0.10.3 to 0.10.10
# The GSM dissector could access an invalid pointer. Versions affected: 0.10.10
# The SMB PIPE dissector could throw an assertion. Versions affected: 0.9.0 to 0.10.10
# The L2TP dissector was susceptible to an infinite loop. Versions affected: 0.10.9 to 0.10.10
# The SMB NETLOGON dissector could dereference a null pointer. Versions affected: 0.9.12 to 0.10.10
# The MRDISC dissector could throw an assertion. Versions affected: 0.8.19 to 0.10.10
# The ISUP dissector could overflow a buffer or cause a segmentation fault. Versions affected: 0.8.19 to 0.10.10
# The LDAP dissector could crash. Versions affected: 0.10.1 to 0.10.10
# The TCAP dissector could overflow a buffer or throw an assertion. Versions affected: 0.10.8 to 0.10.10
# The NTLMSSP dissector could crash. Versions affected: 0.9.7 to 0.10.10
# The Presentation dissector could overflow a buffer. Versions affected: 0.10.1 to 0.10.10
# Additionally, a number of dissectors could throw an assertion when passing an invalid protocol tree item length. Versions affected: 0.10.8 to 0.10.10