• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0

The vendor has disclosed several vulnerabilities in Ethereal. The reported issues are in various protocol dissectors. These issues include:

- Buffer-overflow vulnerabilities
- Denial-of-service vulnerabilities
- Infinite loop denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities
- Off-by-one overflow vulnerabilities

These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application.

Various vulnerabilities affect different versions of Ethereal, from 0.8.5 through to 0.10.14.