J-Security Center

Title: Ethereal RADIUS Authentication Dissection Buffer Overflow Vulnerability

Severity: HIGH

Description:

A remote buffer-overflow vulnerability reportedly affects Ethereal because it fails to securely copy network-derived data into sensitive process buffers. The issue resides in the 3GPP2 A11 dissector.

The problem occurs when Ethereal attempts to dissect CDMA2000 A11 RADIUS packets. Apparently, in the 'dissect_a11_radius()' function of the 'packet-3g-a11.c' file, a value taken from a network packet is used as the number of bytes to copy from the packet, so an attacker controls how many bytes are copied into a fixed-size buffer.

Reportedly, the target buffer is 16 bytes in size, although it is possible to specify a size of 256 bytes. Reportedly, an attacker may be able to copy more than 256 bytes by exploiting an integer overflow in the same copying function; apparently the size that specifies the number of bytes to copy is reduced by two and interpreted as unsigned, so a value smaller than two wraps around to a very large count.
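The length handling described above, as an added example (not Ethereal's code and not part of the original advisory). It assumes the standard RADIUS attribute layout of a one-byte type, a one-byte length that counts those two header bytes, then the value; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VALUE_BUF_LEN 16 /* destination size given in the advisory */

/* Flawed pattern: length byte minus the 2-byte attribute header, kept unsigned.
 * A length byte below 2 wraps to a huge count instead of going negative. */
static size_t unchecked_copy_len(uint8_t attr_len)
{
    return (size_t)(attr_len - 2u);
}

/* Hardened copy of one attribute value at offset `off` in `pkt`.
 * Returns the number of bytes copied, or -1 if the attribute is rejected. */
static int copy_attr_value(const uint8_t *pkt, size_t pkt_len, size_t off,
                           char *dst, size_t dst_len)
{
    if (dst_len == 0 || off > pkt_len || pkt_len - off < 2)
        return -1;                    /* no room for type + length bytes */
    uint8_t attr_len = pkt[off + 1];
    if (attr_len < 2)
        return -1;                    /* would wrap when reduced by two */
    size_t n = (size_t)attr_len - 2;
    if (n > pkt_len - off - 2)
        return -1;                    /* value runs past the captured bytes */
    if (n >= dst_len)
        return -1;                    /* value plus NUL does not fit */
    memcpy(dst, pkt + off + 2, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed samples: arbitrary type byte, length byte, value bytes. */
    const uint8_t ok[]  = { 0x1f, 0x06, 'a', 'b', 'c', 'd' };
    const uint8_t bad[] = { 0x1f, 0x00, 'a', 'b', 'c', 'd' };
    char buf[VALUE_BUF_LEN];

    printf("unchecked len for 0x00: %zu\n", unchecked_copy_len(0x00));
    printf("ok  -> %d\n", copy_attr_value(ok, sizeof ok, 0, buf, sizeof buf));
    printf("bad -> %d\n", copy_attr_value(bad, sizeof bad, 0, buf, sizeof buf));
    return 0;
}
```

The hardened function rejects the attribute before any subtraction can wrap, and checks the resulting count against both the remaining packet bytes and the destination size.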

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. This may facilitate unauthorized access or privilege escalation.

Affected Products:

  • ALT Linux ALT Linux Compact 2.3.0
  • ALT Linux ALT Linux Junior 2.3.0
  • Avaya Converged Communications Server 2.0.0
  • Avaya S8300 R2.0.0
  • Avaya S8300 R2.0.1
  • Avaya S8500 R2.0.0
  • Avaya S8500 R2.0.1
  • Avaya S8700 R2.0.0
  • Avaya S8700 R2.0.1
  • Avaya S8710 R2.0.0
  • Avaya S8710 R2.0.1
  • Conectiva Linux 10.0.0
  • Conectiva Linux 9.0.0
  • Ethereal Group Ethereal 0.10.0
  • Ethereal Group Ethereal 0.10.1
  • Ethereal Group Ethereal 0.10.2
  • Ethereal Group Ethereal 0.10.3
  • Ethereal Group Ethereal 0.10.4
  • Ethereal Group Ethereal 0.10.5
  • Ethereal Group Ethereal 0.10.6
  • Ethereal Group Ethereal 0.10.7
  • Ethereal Group Ethereal 0.10.8
  • Ethereal Group Ethereal 0.10.9
  • Gentoo Linux
  • MandrakeSoft Linux Mandrake 10.0.0
  • MandrakeSoft Linux Mandrake 10.0.0 amd64
  • MandrakeSoft Linux Mandrake 10.1.0
  • MandrakeSoft Linux Mandrake 10.1.0 x86_64
  • RedHat Advanced Workstation for the Itanium Processor 2.1.0
  • RedHat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • RedHat Desktop 3.0.0
  • RedHat Desktop 4.0.0
  • RedHat Enterprise Linux AS 2.1
  • RedHat Enterprise Linux AS 2.1 IA64
  • RedHat Enterprise Linux AS 3
  • RedHat Enterprise Linux AS 4
  • RedHat Enterprise Linux ES 2.1
  • RedHat Enterprise Linux ES 2.1 IA64
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux ES 4
  • RedHat Enterprise Linux WS 2.1
  • RedHat Enterprise Linux WS 2.1 IA64
  • RedHat Enterprise Linux WS 3
  • RedHat Enterprise Linux WS 4
  • RedHat Fedora Core1
  • RedHat Fedora Core2
  • RedHat Linux 7.3.0
  • RedHat Linux 7.3.0 i386
  • RedHat Linux 7.3.0 i686
  • RedHat Linux 9.0.0 i386
  • S.u.S.E. Linux Personal 9.0.0
  • S.u.S.E. Linux Personal 9.1.0
  • S.u.S.E. Linux Personal 9.2.0
