APP: Ethereal IGAP Protocol Dissector Account Overflow

This signature detects attempts to exploit a known vulnerability in Ethereal, a network analyzer application. Attackers can send a maliciously crafted IGAP Membership Query request with an overly long account name or message to overflow the buffer and execute arbitrary code.

Extended Description

Ethereal 0.10.3 has been released to address multiple vulnerabilities. These issues include:

- Thirteen stack-based buffer overruns in various protocol dissectors (NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP).
- A denial of service that is triggered by a zero-length Presentation protocol selector.
- Specially crafted RADIUS packets may cause a crash in Ethereal.
- Corrupt color filter files may cause a crash in Ethereal.

These issues may result in a denial of service or, in the case of the buffer overruns, potentially be leveraged to execute arbitrary code.

Affected Products

Ethereal_group ethereal

Short Name
APP:ETHEREAL:IGAP-ACCT-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Account CVE-2004-0176 Dissector Ethereal IGAP Overflow Protocol bid:9952
Release Date
04/01/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
Port
IP/2
False Positive
Unknown
Vendors

Sgi

Ethereal_group

Gentoo

CVSS Score

5.0
