|
Full Disclosure
mailing list archives
Re: Ethereal (v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit
From: Cael Abal <lists2 () onryou com>
Date: Sun, 28 Mar 2004 10:33:38 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Lan Guy wrote:
| is ethereal ver 0.10.3 released 25th March 2004 still vulnerable?
0.10.3 was released in response to multiple vulnerabilities, one of
which included a buffer overflow in the IGAP dissector attributed to
Stefan Esser.
http://security.e-matters.de/advisories/032004.html
The important bit:
"When parsing an IGAP protocol packet that contains either an overlong
accountname (>17) or an overlong message (>65) different buffers may
overflow the stack, allowing an over-write of up to 238 (or 190) bytes.
In both cases remote code execution exploitation is possible."
The posted code generates an oversized message, exploiting the buffer
overflow fixed in 0.10.3.
Cael
PS: Do your own homework next time.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAZu+2R2vQ2HfQHfsRAsNOAJ9U4tOzf+0YaDA6FXtHNlJ5gMIFJACgnmfN
7W/vUatOCQd9FV6WWWkE/dA=
=u7So
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
|
Intro
