Ethereal ASN.1 String Memory Allocation Denial Of Service Vulnerability

Bugtraq ID:	4604
Class:	Design Error
CVE:	CAN-2002-0353
Remote:	Yes
Local:	No
Published:	Apr 25 2002 12:00AM
Updated:	Apr 25 2002 12:00AM
Credit:	This vulnerability announced by the Ethereal Development Team.
Vulnerable:	Ethereal Group Ethereal 0.9.2 Ethereal Group Ethereal 0.9.1 - Compaq Tru64 5.0 - Debian Linux 2.2 sparc - Debian Linux 2.2 powerpc - Debian Linux 2.2 IA-32 - Debian Linux 2.2 arm - Debian Linux 2.2 alpha - Debian Linux 2.2 68k - HP HP-UX 11.0 - IBM AIX 5.1 - Linux kernel 2.4 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 - NetBSD NetBSD 1.5 - OpenBSD OpenSSH 3.0 - SCO Unixware 7.0 - SGI IRIX 6.0 - Sun Solaris 8 Ethereal Group Ethereal 0.9 Ethereal Group Ethereal 0.8.18 - RedHat Linux 7.2 ia64 - RedHat Linux 7.2 i386 - RedHat Linux 7.2

Not Vulnerable:	Ethereal Group Ethereal 0.9.3 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 + RedHat Linux 7.2 i386 + RedHat Linux 7.2 alpha + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 alpha + RedHat Linux 7.0 sparc + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + RedHat Linux 6.2 sparc + RedHat Linux 6.2 i386 + RedHat Linux 6.2 alpha