Ethereal Security Issue

Published: 2005-12-30
Last Updated: 2005-12-30 19:25:06 UTC
by Scott Fendley (Version: 2)
While catching up on email from the past week, I noticed a security issue that has fallen by the wayside in the midst of all of the 0-day exploit discussion. On Tuesday, Ethereal released a security advisory which discusses problems with 3 of its dissectors. Of particular note, the IRC dissector can go into an infinite loop. As you, our loyal readers, have probably already noted mentally, the IRC dissector is a fairly important one as we eavesdrop on botnets that primarily use IRC as their command and control channel.

It is possible that one could run arbitrary code through the vulnerability with the OSPF dissector, but more likely you will just have Ethereal crash or use up all available system resources.

The new version is available at .


There appears to be a typo in Ethereal's advisory in the resolution section. From the information provided, I would recommend upgrading to 0.10.14, not 0.10.13 as the advisory states. Note the following line right under the assumed typo of upgrading to 0.10.13.

"If you are running a version prior to 0.10.14 and you cannot upgrade, you can disable the GTP, IRC, and OSPF protocol dissectors by selecting Analyze->Enabled Protocols... and disabling them in the list."

This, along with the summary line that states "Versions Affected: 0.8.20 up to and including 0.10.13", makes me think there is a typo in their advisory. So upgrade to 0.10.14 if you haven't already.

Scott Fendley
Handler on Duty
