Multiple Sniffer Vendor DNS Decode Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Upgrading to 0.8.7 of Ethereal will solve this problem
The current tree of tcpdump has a fix in place; this fix is not present in the 3.5 alpha tree, however.

The author of this vulnerability suggests replacing the ns_nprint function with the following:

static const u_char *
ns_nprint(register const u_char *cp, register const u_char *bp)
{
register u_int i,j;
register const u_char *rp;
register int compress;

i = *cp++;
j = 0;
rp = cp + i;
if ((i & INDIR_MASK) == INDIR_MASK) {
rp = cp + 1;
compress = 1;
} else
compress = 0;
if (i != 0)
while ((i && cp < snapend) && (j<256)) {
j++;
if ((i & INDIR_MASK) == INDIR_MASK) {
cp = bp + (((i << 8) | *cp) & 0x3fff);
i = *cp++;
continue;
}
if (fn_printn(cp, i, snapend))
break;
cp += i;
putchar('.');
i = *cp++;
if (!compress)
rp += i + 1;
}
else
putchar('.');
return (rp);
}



 

Privacy Statement
Copyright 2010, SecurityFocus