Short Name |
APP:ETHEREAL:DISTCC-OF |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Ethereal DistCC Protocol Dissector Overflow |
Release Date |
2005/07/13 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Ethereal, a network analyzer application. Attackers can send a maliciously crafted DistCC request to a DistCC server. If a user examines a packet capture of this attack using Ethereal 10.10 or below, the pcap overflows the buffer and executes arbitrary code on the Ethereal user's host.
A remote buffer overflow vulnerability affects Ethereal. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the DISTCC protocol dissector. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation. This vulnerability affects Ethereal versions 0.8.13 through to 0.10.10. Note that this issue was originally disclosed in BID 13504.