Info

Disclosure

May 14, 2004

Discovery

Unknown

Dates

Exploit

May 14, 2004

Solution

Unknown

Description

Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered by sending malformed traffic which causes a null pointer dereference in the SPNEGO dissector, and will result in loss of availability for the product.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 0.10.4 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): disable SPNEGO protocol dissector

Products

Ethereal	Ethereal	0.10.0
		0.10.1
		0.10.2
		0.10.3
		0.9.10
		0.9.11
		0.9.12
		0.9.13
		0.9.14
		0.9.15
		0.9.16
		0.9.8
		0.9.9

References

Security Tracker: 1010158
Bugtraq ID: 10347
Secunia Advisory ID: 11608 11776
ISS X-Force ID: 16151
CVE ID: 2003-0430 (see also: NVD)
Related OSVDB ID: 6131 6132 6134
Other Advisory URL: http://www.ethereal.com/appnotes/enpa-sa-00014.html
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200406-01.xml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/6133