Overview
Ethereal is a network traffic analysis package. The PPP packet dissector contains a vulnerability that may result in the execution of arbitrary code.
Description
The PPP packet dissector for Ethereal contains an integer overflow vulnerability. According to the Ethereal Advisory, tvb_get_nstringz() and tvb_get_nstringz0() were used in an unsafe manner. Versions 0.9.11 and earlier of Ethereal are affected. |
Impact
It may be possible for a remote attacker to crash the program or run arbitrary code on the system via a crafted packet. |
Solution
Upgrade to version 0.9.12 which resolves this issue. |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
Thanks to Timo Sirainen for reporting this vulnerability.
This document was written by Jason A Rafail and is based upon information in the Ethereal Advisory.
Other Information
CVE IDs: | None |
Severity Metric: | 6.95 |
Date Public: | 2003-05-01 |
Date First Published: | 2003-05-12 |
Date Last Updated: | 2003-05-12 18:37 UTC |
Document Revision: | 5 |