[VIM] CVE Ethereal Overlap?
security curmudgeon
jericho at attrition.org
Sun May 8 15:32:47 EDT 2005
I'm working through the 50+ Ethereal breakout.. fun times =)

CAN-2005-1464
Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, (4)
EIGRP, (5) DLSw, (6) MEGACO, (7) LMP, and (8) RSVP dissectors in Ethereal
before 0.10.11 allow remote attackers to cause a denial of service
(infinite loop).

So the RSVP dissector is vuln to an infinite loop DoS..

CAN-2005-1281
Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a crafted RSVP packet of length 4.

which refs:
BUGTRAQ:20050426 tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop
DOS.

I'd imagine 2005-1464 #8 is the same as 2005-1281?