Juniper Networks

Signature Detail


Short Name: APP:ETHEREAL:DISTCC-OF
Severity: Critical
Recommended: No
Recommended Action: Drop
Category: APP
Keywords: Ethereal DistCC Protocol Dissector Overflow
Release Date: 2005/07/13
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Ethereal DistCC Protocol Dissector Overflow


This signature detects attempts to exploit a known vulnerability in Ethereal, a network analyzer application. Attackers can send a maliciously crafted DistCC request to a DistCC server. If a user examines a packet capture of this attack using Ethereal 0.10.10 or below, the captured request overflows a buffer in Ethereal, which can lead to arbitrary code execution on the Ethereal user's host.

Extended Description

A remote buffer overflow vulnerability affects Ethereal. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the DISTCC protocol dissector. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation. This vulnerability affects Ethereal versions 0.8.13 through to 0.10.10. Note that this issue was originally disclosed in BID 13504.

Affected Products

  • Alt_linux alt_linux_compact 2.3.0
  • Alt_linux alt_linux_junior 2.3.0
  • Conectiva linux 10.0.0
  • Conectiva linux 9.0.0
  • Ethereal_group ethereal 0.10.0
  • Ethereal_group ethereal 0.10.1
  • Ethereal_group ethereal 0.10.2
  • Ethereal_group ethereal 0.10.3
  • Ethereal_group ethereal 0.10.4
  • Ethereal_group ethereal 0.10.5
  • Ethereal_group ethereal 0.10.6
  • Ethereal_group ethereal 0.10.7
  • Ethereal_group ethereal 0.10.8
  • Ethereal_group ethereal 0.10.9
  • Ethereal_group ethereal 0.9.13
  • Ethereal_group ethereal 0.9.14
  • Ethereal_group ethereal 0.9.15
  • Ethereal_group ethereal 0.9.16
  • Red_hat advanced_workstation_for_the_itanium_processor 2.1.0
  • Red_hat advanced_workstation_for_the_itanium_processor 2.1.0 IA64
  • Red_hat desktop 3.0.0
  • Red_hat desktop 4.0.0
  • Red_hat enterprise_linux_as 2.1
  • Red_hat enterprise_linux_as 2.1 IA64
  • Red_hat enterprise_linux_as 3
  • Red_hat enterprise_linux_as 4
  • Red_hat enterprise_linux_es 2.1
  • Red_hat enterprise_linux_es 2.1 IA64
  • Red_hat enterprise_linux_es 3
  • Red_hat enterprise_linux_es 4
  • Red_hat enterprise_linux_ws 2.1
  • Red_hat enterprise_linux_ws 2.1 IA64
  • Red_hat enterprise_linux_ws 3
  • Red_hat enterprise_linux_ws 4

References

  • BugTraq: 13567
  • CVE: CVE-2005-1461
  • URL: http://www.securiteam.com/securitynews/5AP0C00FPO.html
  • URL: http://www.ethereal.com/appnotes/enpa-sa-00019.html

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.