Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Ethereal (v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit
From: Cael Abal <lists2 () onryou com>
Date: Sun, 28 Mar 2004 10:33:38 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lan Guy wrote:

| is ethereal ver 0.10.3 released 25th March 2004 still vulnerable?

0.10.3 was released in response to multiple vulnerabilities, one of
which included a buffer overflow in the IGAP dissector attributed to
Stefan Esser.

http://security.e-matters.de/advisories/032004.html

The important bit:

"When parsing an IGAP protocol packet that contains either an overlong
accountname (>17) or an overlong message (>65) different buffers may
overflow the stack, allowing an over-write of up to 238 (or 190) bytes.
In both cases remote code execution exploitation is possible."

The posted code generates an oversized message, exploiting the buffer
overflow fixed in 0.10.3.

Cael

PS:  Do your own homework next time.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAZu+2R2vQ2HfQHfsRAsNOAJ9U4tOzf+0YaDA6FXtHNlJ5gMIFJACgnmfN
7W/vUatOCQd9FV6WWWkE/dA=
=u7So
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault