Package: ethereal Version: 0.10.9-1 Severity: grave Tags: security There is remote buffer overflow vulnerability in Ethereal dissector for CDMA2000 A11 packets. Vulnerability is located in dissect_a11_radius() function in packet-3g-a11.c used for RADIUS authentication dissection. Number of bytes that will be copied from packet to buffer in stack is taken from packet itself. 16 bytes are reserved for that buffer, and string length can be up to 256 bytes (unsigned char), so is possible to overflow local variables and return address.
http://www.securityfocus.com/archive/1/392659 A fixed version should be released upstream on March 10th. I think a fix is already available in upstream svn, based on this page: http://www.securityfocus.com/bid/12759/solution/ -- see shy jo
signature.asc
Description: Digital signature