[VIM] CVE Ethereal Overlap?

Steven M. Christey coley at linus.mitre.org
Thu May 12 17:17:25 EDT 2005


On Sun, 8 May 2005, security curmudgeon wrote:

> I'm working through the 50+ Ethereal breakout.. fun times =)

Absolutely!

> CAN-2005-1464
> Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, (4)
> EIGRP, (5) DLSw, (6) MEGACO, (7) LMP, and (8) RSVP dissectors in Ethereal
> before 0.10.11 allow remote attackers to cause a denial of service
> (infinite loop).
>
> So the RSVP dissector is vuln to an infinite loop DoS..
>
> CAN-2005-1281
> Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of
> service (infinite loop) via a crafted RSVP packet of length 4.
>
> which refs:
> BUGTRAQ:20050426 tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop
> DOS.
>
>
> I'd imagine 2005-1464 #8 is the same as 2005-1281?


Probably.  I'll send a confirmation email just to be sure, though.

- Steve

