Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 45964 - Ethereal(v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit
Summary: Ethereal(v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit
Status: RESOLVED DUPLICATE of bug 45543
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Security
URL: http://seclists.org/lists/fulldisclos...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-28 02:55 UTC by Tobias Weisserth
Modified: 2011-10-30 22:38 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tobias Weisserth 2004-03-28 02:55:16 UTC
See the URL for very detailed information and exploit. I tried to add this as an attachment to bug 45543 but there seems to be a problem with Bugzilla accepting attachments.

I guess ethereal 0.10.0 to 0.10.2 should be masked in Portage ASAP since the full-disclosure mail already contains a real world exploit.

regards,
Tobias

Reproducible: Always
Steps to Reproduce:
Comment 1 Kurt Lieber (RETIRED) gentoo-dev 2004-03-28 03:52:30 UTC
the IGAP overflow was one of the 13 discovered in the earlier ethereal vuln. report (see 45543 for details)  Is this vuln. somehow different?  AFAICS, they're the same (fixed by the same version, etc.)

Inlcined to close as a dupe.  Please clarify if this should not be the case.
Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2004-03-28 13:30:18 UTC
this is fixed in ethereal 0.10.3.

http://seclists.org/lists/fulldisclosure/2004/Mar/1377.html
http://seclists.org/lists/fulldisclosure/2004/Mar/1386.html


*** This bug has been marked as a duplicate of 45543 ***