SUMMARY

Name: Several security problems in Ethereal 0.9.12
Docid: enpa-sa-00010
Date: June 11, 2003
Severity: High

DETAILS

Description:
Further source code auditing by Timo Sirainen has turned up several string handling flaws in various protocol dissectors. Separate security problems were discovered by other people:

  - The DCERPC dissector could try to allocate too much memory while trying to decode an NDR string.
  - Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI dissector.
  - The SPNEGO dissector could segfault while parsing an invalid ASN.1 value.
  - The tvb_get_nstringz0() routine incorrectly handled a zero-length buffer size.
  - The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI dissectors handled strings improperly.

Impact:
It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file.

Resolution:
Upgrade to 0.9.13.
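Added example, not part of the advisory and not Ethereal's code: the bounds checks that guard against two of the bug classes named above, a zero-length destination buffer in a bounded string copy and a packet-supplied prefix length larger than the address it describes. The function names copy_nstringz0 and copy_prefix, their signatures and the sample bytes are assumptions made for illustration; the advisory does not show the affected code.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not Ethereal's tvb_get_nstringz0): copy a string from
 * packet bytes into dst, stopping at a NUL, the end of the packet, or
 * dst_size - 1 bytes. Returns bytes copied, or -1 when nothing can be written. */
int copy_nstringz0(const unsigned char *pkt, size_t pkt_len, size_t offset,
                   char *dst, size_t dst_size)
{
    size_t limit, n;
    if (dst == NULL || dst_size == 0)
        return -1;                  /* dst_size - 1 would wrap to SIZE_MAX */
    dst[0] = '\0';
    if (pkt == NULL || offset > pkt_len)
        return -1;
    limit = dst_size - 1;           /* leave room for the terminator */
    if (pkt_len - offset < limit)
        limit = pkt_len - offset;   /* never read past the packet */
    for (n = 0; n < limit && pkt[offset + n] != '\0'; n++)
        dst[n] = (char)pkt[offset + n];
    dst[n] = '\0';
    return (int)n;
}

/* Hypothetical helper: copy an address prefix whose length in bits comes from
 * the packet. addr_size is 4 (IPv4) or 16 (IPv6). Returns bytes copied, or -1
 * if the length exceeds the address size or the bytes left in the packet. */
int copy_prefix(const unsigned char *pkt, size_t pkt_len, size_t offset,
                unsigned int prefix_bits, unsigned char *addr, size_t addr_size)
{
    size_t nbytes;
    if (pkt == NULL || addr == NULL || prefix_bits > addr_size * 8)
        return -1;                  /* e.g. 33 bits claimed for IPv4 */
    nbytes = (prefix_bits + 7) / 8;
    if (offset > pkt_len || pkt_len - offset < nbytes)
        return -1;                  /* prefix runs past the captured data */
    memset(addr, 0, addr_size);
    memcpy(addr, pkt + offset, nbytes);
    return (int)nbytes;
}

/* Constructed sample bytes: 24-bit prefix 10.1.2, then "abc" with no NUL. */
const unsigned char sample_pkt[] = { 10, 1, 2, 'a', 'b', 'c' };

int main(void)
{
    char s[4];
    unsigned char a[4];
    return (copy_nstringz0(sample_pkt, sizeof sample_pkt, 3, s, sizeof s) == 3
            && copy_prefix(sample_pkt, sizeof sample_pkt, 0, 33, a, 4) == -1) ? 0 : 1;
}
```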
glsa sent