Ethereal AFS Buffer Overflow Vulnerability

Ethereal is a network auditing utility originally written by Gerald Combs. A problem exists in the Ethereal package which can allow a remote user to execute code.

The problem exists in the AFS packet parsing routine. An algorithm string scans the contents of a packet into a predefined buffer, not checking to see if the size of the string exceeds the buffer size. It is therefore possible to overwrite other values on the stack including the return address. This problem makes it possible for a malicious user to execute code with a custom crafted packet.


 

Privacy Statement
Copyright 2010, SecurityFocus