APP: Ethereal 3G-A11

This signature detects attempts to exploit a known vulnerability in Ethereal, a protocol analyzer. Ethereal versions 0.10.3 to 0.10.9 are vulnerable. Attackers can send an overly large string to overflow the buffer in the 3G-A11 protocol function, which dissects RADIUS authentication communications. Attackers can then execute arbitrary code with the permissions of the Ethereal user, typically root.

Extended Description

A remote buffer-overflow vulnerability reportedly affects Ethereal because it fails to securely copy network-derived data into sensitive process buffers. The specific issue resides in the 3GPP2 A11 dissector. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

Affected Products

Avaya s8710,Red_hat enterprise_linux_es

References

BugTraq: 12759

CVE: CVE-2005-0699

URL: http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04 http://www.ethereal.com/appnotes/enpa-sa-00018.html

Short Name

APP:ETHEREAL:3G-A11-B0F

Severity

Major

Recommended

False

Recommended Action

Drop

APP: Ethereal 3G-A11

Extended Description

Affected Products

References

Found a potential security threat?