• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Ethereal Multiple Protocol Dissector Vulnerabilities

Many vulnerabilities in Ethereal have been disclosed by the vendor. The reported issues are in various protocol dissectors.

These issues include:

- Buffer-overflow vulnerabilities
- Format-string vulnerabilities
- NULL-pointer dereference denial-of-service vulnerabilities
- Infinite-loop denial-of-service vulnerabilities
- Memory-exhaustion denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities

These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application.

Various vulnerabilities affect several versions of Ethereal, from 0.8.5 through to 0.10.11.