Ethereal ASN.1 String Memory Allocation Denial Of Service Vulnerability
Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project. Under some circumstances, Ethereal can be made to crash. When malformed ASN.1 messages are parsed by Ethereal, memory may be misallocated. This may result in crashes, possibly due to corruption of internal malloc structures. It is not known if this condition can be exploited to execute arbitrary code.

This vulnerability is an example of the inherent vulnerabilities that exist in ASN.1, as discovered in research done by the University of Oulu in development of the PROTOS test suite. Many more ASN.1 implementations may prove to be vulnerable as a result of rigorous PROTOS testing. Various ASN.1 implementations are widely deployed and potentially prone to the inherent vulnerabilities discovered during the development of the PROTOS test suite. This should be considered a serious threat with far-reaching consequences.
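
The advisory does not give the root cause, so the following is an added example, not Ethereal's code and not a reconstruction of the specific flaw. It shows the general defensive check for this class of problem: an ASN.1 BER decoder validating the declared length against the bytes actually captured before allocating string memory. The function names and sample encodings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode a BER length at buf[*pos]. Returns 0 on success, -1 if malformed. */
static int ber_read_length(const uint8_t *buf, size_t len, size_t *pos, size_t *out)
{
    if (*pos >= len) return -1;
    uint8_t first = buf[(*pos)++];
    if ((first & 0x80) == 0) { *out = first; return 0; }  /* short form */
    size_t n = first & 0x7f;                      /* long form: n length octets */
    if (n == 0 || n > sizeof(size_t)) return -1;  /* indefinite, or too wide */
    if (n > len - *pos) return -1;                /* length octets truncated */
    size_t value = 0;
    while (n--) value = (value << 8) | buf[(*pos)++];
    *out = value;
    return 0;
}

/* Copy a primitive OCTET STRING (tag 0x04) into a new NUL-terminated buffer.
 * Returns NULL on malformed input; the caller frees the result. */
char *ber_dup_octet_string(const uint8_t *buf, size_t len, size_t *out_len)
{
    size_t pos = 0, declared = 0;
    if (len < 2 || buf[pos++] != 0x04) return NULL;
    if (ber_read_length(buf, len, &pos, &declared) != 0) return NULL;
    if (declared > len - pos) return NULL;  /* claims more than was captured */
    char *s = malloc(declared + 1);         /* declared <= len, so no wrap */
    if (s == NULL) return NULL;
    memcpy(s, buf + pos, declared);
    s[declared] = '\0';
    *out_len = declared;
    return s;
}

/* Constructed sample encodings, not taken from any capture. */
const uint8_t SAMPLE_OK[]       = { 0x04, 0x03, 'a', 'b', 'c' };
const uint8_t SAMPLE_HUGE_LEN[] = { 0x04, 0x84, 0xff, 0xff, 0xff, 0xff, 'x' };

int main(void)
{
    size_t n = 0;
    char *ok = ber_dup_octet_string(SAMPLE_OK, sizeof SAMPLE_OK, &n);
    char *bad = ber_dup_octet_string(SAMPLE_HUGE_LEN, sizeof SAMPLE_HUGE_LEN, &n);
    printf("valid: %s, oversized length: %s\n", ok ? ok : "rejected", bad ? bad : "rejected");
    free(ok); free(bad);
    return 0;
}
```

The decoder rejects indefinite lengths, truncated length octets, and any declared length larger than the remaining input, so the allocation size is always bounded by the size of the captured packet.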