Bugtraq mailing list archives
Re: [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
From: Richard Sharpe <sharpe () NS AUS COM>
Date: Tue, 21 Nov 2000 07:14:04 +1000
At 05:17 PM 11/19/00 -0800, Kris Kennaway wrote:
> On Sat, Nov 18, 2000 at 09:36:32PM +0900, JW Oh wrote:
>
> > Bug Report
> >
> > 1. Name: Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
> > 2. Release Date: 2000.11.18
> > 3. Affected Application: Ethereal 0.8.13(latest version)
> >    http://www.ethereal.com/
> >    ethereal-web () ethereal com
> > 4. Author: mat () hacksware com
>
> Looks awfully similar to the identical bug we found in tcpdump. Due credit, please!
Having looked at both tcpdump-latest's print-rx.c and Ethereal's packet-afs.c, while the code is structured very differently, the underlying bug is very much the same, as it is exploiting essentially the same sscanf to pick up the same field in each case. So, I would agree that the FreeBSD folks should get priority on this, FWIW.

BTW Kris, I agree that the patch works, as the limit is correctly specified in the caller of acl_print in tcpdump.
> Kris
Regards
-------
Richard Sharpe, sharpe () ns aus com
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
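
The class of sscanf bug discussed in this message, as an added illustration that is not part of the original post and is not code from tcpdump or Ethereal: a field width on `%s` bounds the copy into a fixed-size name buffer, and a separator check rejects names the width cut short. The "name rights\n" entry layout, `NAME_MAX_LEN` and both function names are assumptions made for the example.

```c
#include <stdio.h>

#define NAME_MAX_LEN 31            /* hypothetical limit chosen for this example */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Parse one constructed "name rights\n" entry. Returns the number of bytes
 * consumed, or -1 if the entry is malformed or the name exceeds NAME_MAX_LEN. */
int parse_acl_entry(const char *s, char name[NAME_MAX_LEN + 1], int *rights)
{
    int used = 0, more = 0;

    /* The width caps the store at NAME_MAX_LEN bytes plus the NUL. A bare
     * "%s" would keep copying for as long as the packet supplies non-space
     * bytes, running past the end of name. */
    if (sscanf(s, "%" STR(NAME_MAX_LEN) "s%n", name, &used) != 1)
        return -1;
    /* If the width cut the name short, the next byte is not the separator.
     * Reject rather than parse the tail of the name as the rights field. */
    if (s[used] != ' ')
        return -1;
    if (sscanf(s + used, "%d%n", rights, &more) != 1)
        return -1;
    if (s[used + more] != '\n')
        return -1;
    return used + more + 1;
}

/* Walk a buffer of entries; returns the entry count, or -1 on the first
 * malformed or over-long entry. */
int count_acl_entries(const char *buf)
{
    char name[NAME_MAX_LEN + 1];
    int rights, count = 0, n;

    while (*buf != '\0') {
        if ((n = parse_acl_entry(buf, name, &rights)) < 0)
            return -1;
        buf += n;
        count++;
    }
    return count;
}
```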