Ethereal Multiple Vulnerabilities

Secunia Advisory: SA12024
Release Date: 2004-07-07

Critical: Moderately critical
Impact: DoS, System access
Where: From local network
Software: Ethereal 0.x

Description:

Three vulnerabilities have been discovered in Ethereal, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) An unspecified error within the iSNS dissector can reportedly make Ethereal abort in certain cases.

This vulnerability affects versions 0.10.3 and 0.10.4.

2) An unspecified error within the SMB dissector may crash the application when SID snooping is enabled and there is no policy name for a handle.

This vulnerability affects versions 0.9.15 through 0.10.4.

3) An unspecified error within the SNMP dissector can be exploited to crash the application via a malformed or missing community string.

This vulnerability affects versions 0.8.15 through 0.10.4.

Solution:

Update to version 0.10.5 when it becomes available:
http://www.ethereal.com/download.html

Disable the affected protocol dissectors.
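
As an added example (not part of the advisory and not vendor code), the helper below maps an installed Ethereal version to the dissectors this advisory lists as affected for it, which are the ones to disable until 0.10.5 is installed. It compares version components numerically, since a plain string comparison would place 0.9.15 after 0.10.4. The function names, the sample inventory and the handling of a trailing letter suffix are assumptions.

```python
import re

# Affected ranges exactly as stated in the advisory (inclusive bounds).
AFFECTED = {
    "iSNS": ((0, 10, 3), (0, 10, 4)),
    "SMB": ((0, 9, 15), (0, 10, 4)),
    "SNMP": ((0, 8, 15), (0, 10, 4)),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)[a-z]?$")


def parse_version(text):
    """Turn '0.10.4' into (0, 10, 4) so ranges are compared numerically.

    Assumption: a single trailing letter, if present, is accepted and ignored.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def dissectors_to_disable(version_text):
    """Return the dissectors the advisory lists as affected for this version."""
    version = parse_version(version_text)
    hits = [name for name, (low, high) in AFFECTED.items() if low <= version <= high]
    return sorted(hits, key=str.lower)


def triage(inventory):
    """Map host -> affected dissectors; None marks a version needing manual review."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = dissectors_to_disable(version_text)
        except ValueError:
            report[host] = None
    return report


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    sample = {"sniffer-01": "0.10.4", "sniffer-02": "0.9.16",
              "sniffer-03": "0.10.5", "sniffer-04": "unknown"}
    for host, result in triage(sample).items():
        print(host, result)
```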

Provided and/or discovered by:
Reported by vendor.
