>
> which version of Ethereal are you referring to with your statement? Also
> sample packets or traces that demonstrate the problem would be most
> welcome. Thanks for your help.
>
I will see if I can dig up some more specific non-anecdotal data, but for
now...
It would have been version(s) 0.8.13 and probably 0.8.12 as well.
The problem usally occured when using tethereal -Vx although I'm pretty
sure it crashed the GUI version.
Regarding DNS, I was doing things like (this didn't crash it)
# sendip 192.168.0.1 -is 192.168.0.50 -p UDP -us 53 -ul 100 -ud 53 -d
aabbccdd
09:30:20.215437 192.168.0.50.53 > 192.168.0.1.53: 43707 updataA Resp13*
[0q] 0/0/0 (4)
0x0000 4500 0020 2428 0000 ff11 1621 c0a8 0032 E...$(.....!...2
0x0010 c0a8 0001 0035 0035 0064 05f7 aabb ccdd .....5.5.d......
Regarding ISAKMP, it would have would have been a problem with undersized
payload length values, especially with SA proposals. Sorry I can't be more
specific.
Did the fixes in 0.8.14 solve a generic problem with malformed data
(possibly with UDP) or just the AFS issue based on the exploit that went
public?
In the future, if we run across this again I'll post it here
vs. BUGTRAQ. :) Hopefully my post won't spawn another round of ethereal
exploits ;)
-mdf
