Ethereal-dev: Re: [Ethereal-dev] Ethereal 0.10.9 remote buffer overflow vulnerability

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxxxxxxxxx>
Date: Tue, 1 Mar 2005 20:13:57 -0800 (PST)

On Tue, 1 Mar 2005, Diego Giagio wrote:

> I've been analyzing Ethereal's source code for a few days now and I found a
> remote buffer overflow vulnerability on one of its dissectors. An exploit was
> developed as proof-of-concept but won't be made public until the bug is
> corrected.

Thank you for putting the effort into this.

> I'll be waiting for your contact to give you more details. Hope this gets
> fixed as soon as possible.

If you haven't already been contacted, can you please send the details to
me and I will make sure that Gerald and Guy know about it and that a fix
is implemented ASAP.

Regards
-----
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com