This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:ETHEREAL:3G-A11-B0F
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
APP
|
Keywords |
Ethereal 3G-A11
|
Release Date |
2005/03/28
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: Ethereal 3G-A11
This signature detects attempts to exploit a known vulnerability in Ethereal, a protocol analyzer. Ethereal versions 0.10.3 to 0.10.9 are vulnerable. Attackers can send an overly large string to overflow the buffer in the 3G-A11 protocol function, which dissects RADIUS authentication communications. Attackers can then execute arbitrary code with the permissions of the Ethereal user, typically root.
Extended Description
A remote buffer-overflow vulnerability reportedly affects Ethereal because it fails to securely copy network-derived data into sensitive process buffers. The specific issue resides in the 3GPP2 A11 dissector.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
Affected Products
- Alt_linux alt_linux_compact 2.3.0
- Alt_linux alt_linux_junior 2.3.0
- Avaya converged_communications_server 2.0.0
- Avaya s8300 R2.0.0
- Avaya s8300 R2.0.1
- Avaya s8500 R2.0.0
- Avaya s8500 R2.0.1
- Avaya s8700 R2.0.0
- Avaya s8700 R2.0.1
- Avaya s8710 R2.0.0
- Avaya s8710 R2.0.1
- Conectiva linux 10.0.0
- Conectiva linux 9.0.0
- Ethereal_group ethereal 0.10.0
- Ethereal_group ethereal 0.10.1
- Ethereal_group ethereal 0.10.2
- Ethereal_group ethereal 0.10.3
- Ethereal_group ethereal 0.10.4
- Ethereal_group ethereal 0.10.5
- Ethereal_group ethereal 0.10.6
- Ethereal_group ethereal 0.10.7
- Ethereal_group ethereal 0.10.8
- Ethereal_group ethereal 0.10.9
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0 IA64
- Red_hat desktop 3.0.0
- Red_hat desktop 4.0.0
- Red_hat enterprise_linux_as 2.1
- Red_hat enterprise_linux_as 2.1 IA64
- Red_hat enterprise_linux_as 3
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_es 2.1
- Red_hat enterprise_linux_es 2.1 IA64
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 2.1
- Red_hat enterprise_linux_ws 2.1 IA64
- Red_hat enterprise_linux_ws 3
- Red_hat enterprise_linux_ws 4
- Red_hat fedora Core1
- Red_hat fedora Core2
- Red_hat linux 7.3.0
- Red_hat linux 7.3.0 I386
- Red_hat linux 7.3.0 I686
- Red_hat linux 9.0.0 I386
References