Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Ethereal Advisory - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Ethereal Advisory
In case you missed it last week, Idefense released an advisory regarding Ethereal, the very popular open source protocol analyzer. Several buffer overflow and DOS vulnerabilites are corrected with the latest release version - 0.10.13.

From http://www.ethereal.com/appnotes/enpa-sa-00021.html:
"It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file."

The IDefense advisory is at: www.idefense.com/application/poi/display?id=323&type=vulnerabilities

There is exploit code for at least one of the BOF vulns. Now, who uses Ethereal, anyway? Net admins, incident handlers, auditors, analysts....nothing important to worry about on their systems, eh?

A great way to avoid getting bitten badly by these protocol parser attacks is to not run them as a super user, if you don't have to. Do your packet capturing with something dumb (like tethereal or tcpdump with the -w switch), then analyze as a non-priv user. This way an attacker is limited in the damage that can be done, should they slide the evil bits into your sniffer.

I will be teaching next: Defending Web Applications Security Essentials - SANS Brussels September 2019

Johannes

3605 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!