New Ethereal NT ACE Parsing DoS Vulnerability
Principal Research Engineer Brian Caswell, a member of the VRT, uncovered this vulnerability while conducting research on SMB for the Sourcefire 3D System and the Snort IDS. The VRT quickly determined that this vulnerability could be triggered remotely in numerous applications that embed Ethereal and worked closely with the Ethereal development team to provide detection capabilities at the time of the public announcement. The company has released new rules for the Sourcefire 3D System and Snort IDS so that customers can immediately identify malicious traffic and better protect their networks against attack.
Ethereal is a network protocol analyzer used by network professionals around the world and is embedded in many commercial applications. Ethereal helps network professionals diagnose network problems, conduct research, and develop new protocols.
A vulnerability was discovered in the way Ethereal processes certain types of Microsoft Windows NT Access Control List (ACL) and Access Control Entries (ACE) structures as it reads them from data on a network. The problem exists in the allocation of memory when reading these structures; attackers can exploit this problem to cause Ethereal to allocate a large amount of memory that leads to a Denial of Service (DoS) condition that terminates the application.
For more information about this vulnerability and how to obtain Sourcefire or Snort Rules click here
Source: press release
See also:
New Virus Poses as a Message from BitDefender
Bitform Discover Identifies Hidden Data in MS Office Documents
New Worm Poses As Breaking News Headlines
Permalink: New Ethereal NT ACE Parsing DoS Vulnerability
Posted 12/17/04 | Filed under: Security |
