Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
From: Richard Sharpe <sharpe () NS AUS COM>
Date: Tue, 21 Nov 2000 07:14:04 +1000

At 05:17 PM 11/19/00 -0800, Kris Kennaway wrote:
On Sat, Nov 18, 2000 at 09:36:32PM +0900, JW Oh wrote:
   Bug Report

1. Name: Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
2. Release Date: 2000.11.18
3. Affected Application:
 Ethereal 0.8.13(latest version)
 ethereal-web () ethereal com
4. Author: mat () hacksware com

Looks awfully similar to the identical bug we found in tcpdump. Due
credit, please!

Having looked at both tcpdump-latest's print-rx.c and Ethereal's
packet-afs.c, while the code is structured very differently, the underlying
bug is very much the same, as it is exploiting essentially the same sscanf
to pick up the same field in each case.

So, I would agree that the FreeBSD folks should get priority on this, FWIW.

BTW Kris, I agree that the patch works, as the limit is correctly specified
in the caller of acl_print in tcpdump.


Attachment Converted: "c:\eudora\attach\Re [hacksware] Ethereal 0.8.13"

Richard Sharpe, sharpe () ns aus com
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]