Message-ID: <4066F052.50604@onryou.com>
From: lists2 at onryou.com (Cael Abal)
Subject: Ethereal (v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lan Guy wrote:

| Is Ethereal ver 0.10.3, released 25th March 2004, still vulnerable?

0.10.3 was released in response to multiple vulnerabilities, one of
which included a buffer overflow in the IGAP dissector attributed to
Stefan Esser.

http://security.e-matters.de/advisories/032004.html

The important bit:

"When parsing an IGAP protocol packet that contains either an overlong
accountname (>17) or an overlong message (>65) different buffers may
overflow the stack, allowing an over-write of up to 238 (or 190) bytes.
In both cases remote code execution exploitation is possible."

The posted code generates an oversized message, exploiting the buffer
overflow fixed in 0.10.3.

Cael

PS:  Do your own homework next time.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAZu+2R2vQ2HfQHfsRAsNOAJ9U4tOzf+0YaDA6FXtHNlJ5gMIFJACgnmfN
7W/vUatOCQd9FV6WWWkE/dA=
=u7So
-----END PGP SIGNATURE-----
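The quoted advisory describes the classic dissector defect: a variable-length field from the packet is copied into a fixed-size stack buffer without comparing the field length against the buffer. The following C program is an added example written for this archive page; it is not Ethereal's packet-igap.c and not code from the poster. It shows the bounds checks a length-prefixed parser needs, first against the remaining packet length and then against the destination buffer, and rejects the overlong inputs the advisory names instead of copying them. The wire layout ([asize:1][accountname:asize][msize:1][message:msize]) and the buffer sizes (17 and 65 bytes, taken from the advisory's thresholds) are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example; not Ethereal's packet-igap.c. Buffer sizes follow the
 * thresholds quoted from the advisory and are an assumption. */
#define ACCOUNT_BUF 17   /* room for a 16-byte account name plus NUL */
#define MESSAGE_BUF 65   /* room for a 64-byte message plus NUL */

struct igap_fields {
    char accountname[ACCOUNT_BUF];
    char message[MESSAGE_BUF];
};

/* Hypothetical wire layout for this example (not the real IGAP encoding):
 *   [asize:1][accountname:asize][msize:1][message:msize]
 * Returns 0 on success, -1 if the packet is shorter than its length fields
 * claim, -2 if a field would not fit its fixed buffer. The -2 case is the
 * condition that overflowed the stack in the unpatched dissector. */
int parse_igap_fields(const uint8_t *pkt, size_t len, struct igap_fields *out)
{
    size_t off = 0;

    if (len < 1)
        return -1;
    size_t asize = pkt[off++];
    if (asize > len - off)
        return -1;                 /* declared length runs past the packet */
    if (asize >= ACCOUNT_BUF)
        return -2;                 /* would overflow accountname[] */
    memcpy(out->accountname, pkt + off, asize);
    out->accountname[asize] = '\0';
    off += asize;

    if (off >= len)
        return -1;
    size_t msize = pkt[off++];
    if (msize > len - off)
        return -1;                 /* declared length runs past the packet */
    if (msize >= MESSAGE_BUF)
        return -2;                 /* would overflow message[] */
    memcpy(out->message, pkt + off, msize);
    out->message[msize] = '\0';
    return 0;
}

/* Builds a constructed packet with an account name of asize 'A's and a
 * message of msize 'B's. Returns the packet length, or 0 if it does not fit. */
size_t build_packet(uint8_t *buf, size_t cap, size_t asize, size_t msize)
{
    size_t off = 0;
    if (asize > 255 || msize > 255 || 2 + asize + msize > cap)
        return 0;
    buf[off++] = (uint8_t)asize;
    memset(buf + off, 'A', asize);
    off += asize;
    buf[off++] = (uint8_t)msize;
    memset(buf + off, 'B', msize);
    off += msize;
    return off;
}

/* Builds a packet with the given field sizes, optionally drops trailing
 * bytes to simulate truncation, and returns the parser's result code. */
int parse_case(size_t asize, size_t msize, size_t truncate_by)
{
    uint8_t pkt[600];
    struct igap_fields f;
    size_t n = build_packet(pkt, sizeof pkt, asize, msize);
    if (n == 0 || truncate_by > n)
        return -99;
    return parse_igap_fields(pkt, n - truncate_by, &f);
}

int main(void)
{
    printf("16/64 fits:           %d\n", parse_case(16, 64, 0));   /* 0 */
    printf("17-byte account name: %d\n", parse_case(17, 10, 0));   /* -2 */
    printf("200-byte message:     %d\n", parse_case(5, 200, 0));   /* -2 */
    printf("truncated packet:     %d\n", parse_case(5, 5, 3));     /* -1 */
    return 0;
}
```

Two checks are needed per field, and they answer different questions: the first stops a declared length from reading past the end of the captured packet, the second stops it from writing past the end of the fixed buffer. The unpatched dissector lacked the second kind, which is why a single oversized field was enough to reach the stack. Rejecting the field (and letting the dissector flag the packet as malformed) is the correct fix; silently truncating would hide exactly the packets an analyst wants to see.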

