Intrusion Prevention

Ethereal.SOCKS.Dissector.Buffer.Overflow

Description

This indicates an attempt to exploit a format string vulnerability in Ethereal/Wireshark.
The vulnerability is caused by an input validation error in the handling of SOCKS protocol packets. By sending crafted packets, a remote attacker may be able to execute arbitrary code within the context of the application.

Affected Products

Ethereal Group Ethereal 0.9.9
Ethereal Group Ethereal 0.9.8
Ethereal Group Ethereal 0.9.7
Ethereal Group Ethereal 0.9.6
Ethereal Group Ethereal 0.9.5
Ethereal Group Ethereal 0.9.4
Ethereal Group Ethereal 0.9.3
Ethereal Group Ethereal 0.9.2
Ethereal Group Ethereal 0.9.1
Ethereal Group Ethereal 0.9.0
Ethereal Group Ethereal 0.8.18

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version of Ethereal (now known as Wireshark):
https://www.wireshark.org/download.html

CVE References

CVE-2003-0081
