Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:ETHEREAL:DISTCC-OF

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Ethereal DistCC Protocol Dissector Overflow

Release Date

 2005/07/13

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Ethereal DistCC Protocol Dissector Overflow


This signature detects attempts to exploit a known vulnerability against Ethereal, a network analyzer application. Attackers can send a maliciously crafted DistCC request to a DistCC server. If a user examines a packet capture of this attack using Ethereal 10.10 or below, the pcap overflows the buffer and executes arbitrary code on the Ethereal user's host.

Extended Description

A remote buffer overflow vulnerability affects Ethereal. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the DISTCC protocol dissector. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation. This vulnerability affects Ethereal versions 0.8.13 through to 0.10.10. Note that this issue was originally disclosed in BID 13504.

Affected Products

  • ALT Linux ALT Linux Compact 2.3.0
  • ALT Linux ALT Linux Junior 2.3.0
  • Conectiva Linux 10.0.0
  • Conectiva Linux 9.0.0
  • Ethereal Group Ethereal 0.10.0
  • Ethereal Group Ethereal 0.10.1
  • Ethereal Group Ethereal 0.10.2
  • Ethereal Group Ethereal 0.10.3
  • Ethereal Group Ethereal 0.10.4
  • Ethereal Group Ethereal 0.10.5
  • Ethereal Group Ethereal 0.10.6
  • Ethereal Group Ethereal 0.10.7
  • Ethereal Group Ethereal 0.10.8
  • Ethereal Group Ethereal 0.10.9
  • Ethereal Group Ethereal 0.9.13
  • Ethereal Group Ethereal 0.9.14
  • Ethereal Group Ethereal 0.9.15
  • Ethereal Group Ethereal 0.9.16
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 2.1 IA64
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 2.1 IA64
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 2.1 IA64
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4

References

  • BugTraq: 13567
  • CVE: CVE-2005-1461
  • URL: http://www.securiteam.com/securitynews/5AP0C00FPO.html
  • URL: http://www.ethereal.com/appnotes/enpa-sa-00019.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out