APP: Ethereal DistCC Protocol Dissector Overflow

This signature detects attempts to exploit a known vulnerability in Ethereal, a network analyzer application. Attackers can send a maliciously crafted DistCC request to a DistCC server. If a user examines a packet capture of this attack using Ethereal 0.10.10 or below, parsing the capture overflows a buffer and executes arbitrary code on the Ethereal user's host.

Extended Description

A remote buffer overflow vulnerability affects Ethereal. The issue is due to the application's failure to securely copy network-derived data into sensitive process buffers, and it exists specifically in the DistCC protocol dissector. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation. This vulnerability affects Ethereal versions 0.8.13 through 0.10.10. Note that this issue was originally disclosed in BID 13504.

Affected Products

Ethereal_group ethereal

Short Name
APP:ETHEREAL:DISTCC-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2005-1461 Dissector DistCC Ethereal Overflow Protocol bid:13567
Release Date
07/13/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
Port
TCP/3632
False Positive
Unknown
Vendors

Red_hat

Conectiva

Ethereal_group

Alt_linux

CVSS Score

7.5
