Message-ID: <4066F052.50604@onryou.com>
From: lists2 at onryou.com (Cael Abal)
Subject: Ethereal (v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lan Guy wrote:
| is ethereal ver 0.10.3 released 25th March 2004 still vulnerable?

0.10.3 was released in response to multiple vulnerabilities, one of
which included a buffer overflow in the IGAP dissector attributed to
Stefan Esser.

http://security.e-matters.de/advisories/032004.html

The important bit:

"When parsing an IGAP protocol packet that contains either an overlong
accountname (>17) or an overlong message (>65) different buffers may
overflow the stack, allowing an over-write of up to 238 (or 190) bytes.
In both cases remote code execution exploitation is possible."

The posted code generates an oversized message, exploiting the buffer
overflow fixed in 0.10.3.

Cael

PS: Do your own homework next time.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAZu+2R2vQ2HfQHfsRAsNOAJ9U4tOzf+0YaDA6FXtHNlJ5gMIFJACgnmfN
7W/vUatOCQd9FV6WWWkE/dA=
=u7So
-----END PGP SIGNATURE-----
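Added example, not part of the original post and not Ethereal's code: a bounds-checked copy for the kind of length-prefixed field the quoted advisory describes, using its 17- and 65-byte buffer sizes. The one-byte length field, the function names and the truncate-and-terminate policy are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Buffer sizes from the quoted advisory. The one-byte length field
 * (maximum 255) is an assumption: 17 + 238 = 65 + 190 = 255. */
#define ACCOUNT_BUF 17
#define MESSAGE_BUF 65
#define MAX_CLAIMED 255

/* Bytes an unchecked copy of `claimed` bytes writes past a `cap`-byte buffer. */
static size_t overrun(size_t claimed, size_t cap)
{
    return claimed > cap ? claimed - cap : 0;
}

/* Hypothetical hardened field copy: rejects a length that runs past the
 * captured packet, clamps to the destination, and NUL-terminates.
 * Returns bytes stored, or -1 on a truncated packet or empty buffer. */
static int copy_field(uint8_t *dst, size_t cap, const uint8_t *pkt,
                      size_t pkt_len, size_t off, uint8_t claimed)
{
    size_t n = claimed;
    if (cap == 0 || off > pkt_len || n > pkt_len - off)
        return -1;
    if (n > cap - 1)
        n = cap - 1;
    memcpy(dst, pkt + off, n);
    dst[n] = '\0';
    return (int)n;
}

/* Constructed input: `avail` (<= 255) bytes of 'A', length byte claiming 255.
 * Returns copy_field's result, or -2 if the guard after the buffer changed. */
static int demo(size_t cap, size_t avail)
{
    uint8_t pkt[MAX_CLAIMED];
    struct { uint8_t buf[MESSAGE_BUF]; uint8_t guard; } s;
    int n;
    memset(pkt, 'A', sizeof pkt);
    s.guard = 0x5a;
    n = copy_field(s.buf, cap, pkt, avail, 0, MAX_CLAIMED);
    return s.guard == 0x5a ? n : -2;
}

int main(void)
{
    return (overrun(MAX_CLAIMED, ACCOUNT_BUF) == 238 && demo(MESSAGE_BUF, 255) == 64) ? 0 : 1;
}
```

The check against the remaining packet bytes comes before the clamp, so a length byte that claims more data than was captured is rejected rather than read past the end of the packet.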