APP: Ethereal EIGRP Protocol Dissector Overflow

This signature detects attempts to exploit a known vulnerability against Ethereal, a network analyzer application. Attackers can send a maliciously crafted EIGRP Membership Query response with an overly long prefix length to trigger a buffer overflow and execute arbitrary code.

Extended Description

Ethereal 0.10.3 has been released to address multiple vulnerabilities. These issues include: - Thirteen stack-based buffer overruns in various protocol dissectors (NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP). - A denial of service that is triggered by a zero length Presentation protocol selector. - Specially crafted RADIUS packets may cause a crash in Ethereal. - Corrupt color filter files may cause a crash in Ethereal. These issues may result in a denial of service or potentially be leveraged to execute arbitrary code in the instance of the buffer overruns.

Affected Products

Ethereal_group ethereal

References

BugTraq: 9952

CVE: CVE-2004-0176

URL: http://www.security.nnov.ru/search/document.asp?docid=5954 http://www.kb.cert.org/vuls/id/119876 http://www.securiteam.com/unixfocus/5AP0O15CAO.html

Short Name

APP:ETHEREAL:EIGRP-OF

Severity

Major

Recommended

False

Recommended Action

Drop

APP: Ethereal EIGRP Protocol Dissector Overflow

Extended Description

Affected Products

References

Found a potential security threat?