Wireshark · Ethereal-dev: Re: [Ethereal-dev] Ethereal 0.10.9 remote buffer overflow vulnerability

Ethereal-dev: Re: [Ethereal-dev] Ethereal 0.10.9 remote buffer overflow vulnerability

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxxxxxxxxx>

Date: Tue, 1 Mar 2005 20:13:57 -0800 (PST)

On Tue, 1 Mar 2005, Diego Giagio wrote:

> I've been analyzing Ethereal's source code for a few days now and I found a
> remote buffer overflow vulnerability on one of its dissectors. An exploit was
> developed as proof-of-concept but won't be made public until the bug is
> corrected.

Thank you for putting the effort into this.

> I'll be waiting for your contact to give you more details. Hope this gets
> fixed as soon as possible.

If you haven't already been contacted, can you please send the details to
me and I will make sure that Gerald and Guy know about it and that a fix
is implemented ASAP.

Regards
-----
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com

References:
- [Ethereal-dev] Ethereal 0.10.9 remote buffer overflow vulnerability
  - From: Diego Giagio

Prev by Date: Re: [Ethereal-dev] New dissector: packet-retix-bpdu.c
Next by Date: RE: [Ethereal-dev] VoIP calls analysis and text2pcap
Previous by thread: [Ethereal-dev] Ethereal 0.10.9 remote buffer overflow vulnerability
Next by thread: Re: [Ethereal-dev] SCTP patch: put source and destination ports in tree
Index(es):
- Date
- Thread