Re: [Full-Disclosure] Ethereal (v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Ethereal (v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit
- From: Cael Abal <lists2@xxxxxxxxxx>
- Date: Sun, 28 Mar 2004 10:33:38 -0500
Lan Guy wrote:
| Is Ethereal ver 0.10.3, released 25th March 2004, still vulnerable?
0.10.3 was released in response to multiple vulnerabilities, one of
which included a buffer overflow in the IGAP dissector attributed to
Stefan Esser.
http://security.e-matters.de/advisories/032004.html
The important bit:
"When parsing an IGAP protocol packet that contains either an overlong
accountname (>17) or an overlong message (>65) different buffers may
overflow the stack, allowing an over-write of up to 238 (or 190) bytes.
In both cases remote code execution exploitation is possible."
The posted code generates an oversized message, exploiting the buffer
overflow fixed in 0.10.3.
Cael
PS: Do your own homework next time.
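The advisory quoted above describes the classic dissector bug: field contents copied from the packet into fixed-size stack buffers without comparing the field length against the buffer size first. The C below is an added illustration, not code from this thread or from the Ethereal project, of the check that was missing. The packet layout it parses (a one-byte length prefix before each field) is a constructed stand-in for the real IGAP format, and the 17- and 65-byte limits are the figures quoted in the advisory, taken here as the maximum accepted field lengths.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Limits quoted in the e-matters advisory: an account name longer than 17
 * or a message longer than 65 overflowed the dissector's stack buffers. */
#define IGAP_ACCOUNT_MAX 17
#define IGAP_MESSAGE_MAX 65

/* Parsed result. Buffers are one byte larger than the limit so that the
 * longest accepted field still gets a NUL terminator. */
struct igap_fields {
    char account[IGAP_ACCOUNT_MAX + 1];
    char message[IGAP_MESSAGE_MAX + 1];
};

enum igap_status {
    IGAP_OK = 0,
    IGAP_TRUNCATED,          /* packet shorter than its own length fields claim */
    IGAP_ACCOUNT_TOO_LONG,
    IGAP_MESSAGE_TOO_LONG
};

/* Copy one length-prefixed field into a fixed buffer, refusing anything
 * longer than `limit`. Advances *off past the field on success. */
static enum igap_status copy_field(const uint8_t *pkt, size_t len, size_t *off,
                                   char *dst, size_t limit,
                                   enum igap_status toolong)
{
    if (*off >= len) return IGAP_TRUNCATED;
    size_t flen = pkt[*off];            /* 1-byte length prefix (constructed layout) */
    (*off)++;
    if (flen > limit) return toolong;   /* the bounds check the old dissector lacked */
    if (flen > len - *off) return IGAP_TRUNCATED;
    memcpy(dst, pkt + *off, flen);
    dst[flen] = '\0';
    *off += flen;
    return IGAP_OK;
}

/* Parse account name then message; on any error no field is trusted. */
enum igap_status igap_parse(const uint8_t *pkt, size_t len, struct igap_fields *out)
{
    size_t off = 0;
    enum igap_status st;
    memset(out, 0, sizeof *out);
    st = copy_field(pkt, len, &off, out->account,
                    IGAP_ACCOUNT_MAX, IGAP_ACCOUNT_TOO_LONG);
    if (st != IGAP_OK) return st;
    return copy_field(pkt, len, &off, out->message,
                      IGAP_MESSAGE_MAX, IGAP_MESSAGE_TOO_LONG);
}

/* Build a constructed test packet [alen][account][mlen][message] filled with
 * 'A' and 'M'. Returns the packet length, or 0 if it does not fit. */
size_t igap_build(uint8_t *buf, size_t cap, size_t alen, size_t mlen)
{
    if (alen > 255 || mlen > 255 || 2 + alen + mlen > cap) return 0;
    size_t off = 0;
    buf[off++] = (uint8_t)alen;
    memset(buf + off, 'A', alen); off += alen;
    buf[off++] = (uint8_t)mlen;
    memset(buf + off, 'M', mlen); off += mlen;
    return off;
}

int main(void)
{
    uint8_t pkt[600];
    struct igap_fields f;
    size_t n = igap_build(pkt, sizeof pkt, 5, 12);
    printf("benign: status %d account=%s message=%s\n",
           igap_parse(pkt, n, &f), f.account, f.message);
    n = igap_build(pkt, sizeof pkt, 5, 200);   /* overlong message, as in the advisory */
    printf("overlong message: status %d\n", igap_parse(pkt, n, &f));
    return 0;
}
```

The two checks in `copy_field` are the whole fix: a field length is compared against the destination buffer before the copy, and against the bytes actually remaining in the packet, so neither an oversized field nor a packet truncated mid-field can reach `memcpy`. A test harness for a dissector should feed it exactly these three shapes (maximum-length, one-over, and truncated) for every variable-length field.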