Ethereal-users: [Ethereal-users] Fw: [SA15144] Ethereal RSVP Protocol Decoding Denial of Service

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Senthil Prabu.S" <praboos@xxxxxxxxx>
Date: Thu, 28 Apr 2005 15:12:02 +0530
Hi Ethereal Team,

     When can we expect a next stable version that has a fix to the below
mentioned Vulnerability.

--
Senthil Prabu.S

----- Original Message ----- From: "Secunia Security Advisories" <sec-adv@xxxxxxxxxxx>
To: <prabu333@xxxxxxxxxx>
Sent: Wednesday, April 27, 2005 9:09 PM
Subject: [SA15144] Ethereal RSVP Protocol Decoding Denial of Service Vulnerability



----------------------------------------------------------------------

Want a new IT Security job?

Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Ethereal RSVP Protocol Decoding Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA15144

VERIFY ADVISORY:
http://secunia.com/advisories/15144/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Ethereal 0.x
http://secunia.com/product/1228/

DESCRIPTION:
Vade79 has reported a vulnerability in Ethereal, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the decoding of the
RSVP protocol and can be exploited via a specially crafted RSVP
packet.

Successful exploitation causes Ethereal to enter an infinite loop and
stop responding.

The vulnerability has been reported in version 0.10.10. Prior
versions may also be affected.

SOLUTION:
The vulnerability has reportedly been fixed in the CVS repository.

PROVIDED AND/OR DISCOVERED BY:
Vade79

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=prabu333%40hotpop.com

----------------------------------------------------------------------