Info

Disclosure

Jul 26, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Ethereal contains an unspecified flaw related to the CAMEL dissector that may allow an attacker to cause a denial of service by dereferencing a null pointer. No further details have been provided.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 0.10.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Ethereal

0.10.11

References

Security Tracker: 1014583
Bugtraq ID: 14399
Secunia Advisory ID: 16225 16249 16276
ISS X-Force ID: 21612
Keyword: enpa-sa-00020
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200507-27.xml
Vendor Specific Advisory URL: http://www.ethereal.com/appnotes/enpa-sa-00020.html

Credit

Steve Grubb -

Direct URL: http://osvdb.org/18386