Our testing program has turned up several more security
issues:
- The LDAP dissector could free static memory and crash.
- The AgentX dissector could crash.
- The 802.3 dissector could go into an infinite loop.
- The PER dissector could abort.
- The DHCP dissector could go into an infinite loop.
- The BER dissector could abort or loop infinitely.
- The MEGACO dissector could go into an infinite loop.
- The GIOP dissector could dereference a null pointer.
- The SMB dissector was susceptible to a buffer overflow.
- The WBXML could dereference a null pointer.
- The H1 dissector could go into an infinite loop.
- The DOCSIS dissector could cause a crash.
- The SMPP dissector could go into an infinite loop.
- SCTP graphs could crash.
- The HTTP dissector could crash.
- The SMB dissector could go into a large loop.
- The DCERPC dissector could crash.
- Several dissectors could crash while reassembling packets.
Steve Grubb at Red Hat found the following issues:
- The CAMEL dissector could dereference a null pointer.
- The DHCP dissector could crash.
- The CAMEL dissector could crash.
- The PER dissector could crash.
- The RADIUS dissector could crash.
- The Telnet dissector could crash.
- The IS-IS LSP dissector could crash.
- The NCP dissector could crash.
iDEFENSE found the following issues:
- Several dissectors were susceptible to a format string
overflow.
Impact:
It may be possible to make Ethereal crash, use up
available memory, or run arbitrary code by injecting a
purposefully malformed packet onto the wire or by
convincing someone to read a malformed packet trace
file.