Re: [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
From: Richard Sharpe <sharpe () NS AUS COM>
Date: Tue, 21 Nov 2000 07:14:04 +1000
At 05:17 PM 11/19/00 -0800, Kris Kennaway wrote:
> On Sat, Nov 18, 2000 at 09:36:32PM +0900, JW Oh wrote:
> > 1. Name: Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
> > 2. Release Date: 2000.11.18
> > 3. Affected Application:
> > Ethereal 0.8.13(latest version)
> > ethereal-web () ethereal com
> > 4. Author: mat () hacksware com
>
> Looks awfully similar to the identical bug we found in tcpdump. Due

Having looked at both tcpdump-latest's print-rx.c and Ethereal's
packet-afs.c, while the code is structured very differently, the underlying
bug is very much the same, as it is exploiting essentially the same sscanf
to pick up the same field in each case.
So, I would agree that the FreeBSD folks should get priority on this, FWIW.
BTW Kris, I agree that the patch works, as the limit is correctly specified
in the caller of acl_print in tcpdump.
Richard Sharpe, sharpe () ns aus com
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
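
An sscanf overflow of the kind this thread discusses, shown beside a form whose field width is tied to the caller's buffer size. This is an added example, not code from Ethereal, tcpdump or the patch mentioned above; the `name rights` entry layout, `USER_MAX` and both function names are assumptions for illustration, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define USER_MAX 15            /* assumed limit: name length, excluding NUL */
#define STR2(x) #x
#define STR(x) STR2(x)         /* turns USER_MAX into the literal "15" */

/* Unbounded form: "%s" copies every non-space byte of the packet-supplied
 * name into user[], however small the caller's buffer is. */
int parse_entry_unbounded(const char *s, char *user, int *rights)
{
    return sscanf(s, "%s %d", user, rights) == 2;
}

/* Bounded form: the field width caps the copy at USER_MAX bytes plus NUL,
 * and width and buffer size come from the same macro so they cannot drift.
 * An over-long name is rejected instead of being silently truncated.
 * Returns 1 on success, 0 on malformed or over-long input. */
int parse_entry_bounded(const char *s, char user[USER_MAX + 1], int *rights)
{
    int n = 0;

    if (sscanf(s, "%" STR(USER_MAX) "s%n", user, &n) != 1)
        return 0;
    /* If the width cut the name short, the next byte is not a separator. */
    if (s[n] != ' ' && s[n] != '\t')
        return 0;
    return sscanf(s + n, "%d", rights) == 1;
}

int main(void)
{
    /* Constructed inputs: one well-formed entry, one with a 40-byte name. */
    const char *ok = "alice 7";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 7";
    char user[USER_MAX + 1];
    int rights = 0;

    printf("ok entry accepted: %d\n", parse_entry_bounded(ok, user, &rights));
    printf("long entry accepted: %d\n",
           parse_entry_bounded(too_long, user, &rights));
    return 0;
}
```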