Ethereal-dev: [Ethereal-dev] SOCKS decoding (small bug)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Jerome Delamarche" <jd@xxxxxxxxxxxxx>
Date: Sun, 14 Sep 2003 12:21:20 +0200
Hello,

While debugging a SOCKS4 session using Ethereal, I found a bug that
produces a "heap overflow". Here is how it comes:

1) a SOCKS client (v4 or v5) initiates a connection to a SOCKS server. The
standard server port for SOCKS is 1080.

2) in the CONNECT packet, the Client asks for a Destination Port which is
still 1080 (could be another SOCKS server!)

3) the server answers OK

4) the client now sends the payload.... and Ethereal crashes: it tries to
decode the payload based on the destination port given in the CONNECT
packet. Since it is the SOCKS port (1080), it creates an infinite loop that
includes "dissect_socks()" and "call_next_dissector()".

Since it creates a heap overflow, IMHO there is no vulnerability here (?)...
just a bug !

Ethereal's still a great product - Thanks to all

Jerome Delamarche
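The loop described in the report, and the kind of guard that stops it, as an added example. This is constructed toy code, not Ethereal's dissector: the names dissect_socks, dissect_other, call_dissector_by_port, the socks_conv record and the MAX_NESTING limit are all assumptions made here to model the hand-off from the SOCKS dissector to the dissector registered for the requested destination port. Once the CONNECT has been seen, each payload packet is passed whole to the port-selected dissector; when that port is 1080 the lookup selects the SOCKS dissector again on the same conversation and the same bytes, so nothing is consumed and the recursion never ends. The depth counter in call_dissector_by_port refuses the ninth nesting, records that it did so, and lets the caller return normally.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SOCKS_PORT 1080
#define MAX_NESTING 8   /* assumed recursion limit for this toy, not an Ethereal constant */

/* Per-packet dissection context: nesting depth plus counters for the demo. */
typedef struct {
    int depth;           /* dissectors currently on the call stack */
    int max_depth_seen;  /* deepest nesting reached */
    int guard_hits;      /* times the guard refused a further nesting */
} dissect_ctx;

/* Per-connection SOCKS state, the analogue of a conversation record. */
typedef struct {
    int connected;       /* CONNECT seen; later packets are tunnelled payload */
    uint16_t dst_port;   /* destination port requested by the client */
} socks_conv;

static int call_dissector_by_port(dissect_ctx *ctx, socks_conv *conv,
                                  uint16_t port, const uint8_t *buf, size_t len);

/* SOCKS4 CONNECT: VN=4, CD=1, DSTPORT(2), DSTIP(4), USERID, NUL.
 * Returns the destination port, or 0 if the bytes are not a SOCKS4 CONNECT. */
uint16_t socks4_connect_dstport(const uint8_t *buf, size_t len) {
    if (len < 9 || buf[0] != 4 || buf[1] != 1) return 0;
    return (uint16_t)((buf[2] << 8) | buf[3]);
}

/* Toy SOCKS dissector. Before CONNECT it records the requested port; afterwards
 * it hands the whole packet to the dissector registered for that port, the same
 * hand-off the report describes. With dst_port == SOCKS_PORT that lookup
 * selects dissect_socks again, on the same conversation and the same bytes. */
static int dissect_socks(dissect_ctx *ctx, socks_conv *conv,
                         const uint8_t *buf, size_t len) {
    if (!conv->connected) {
        uint16_t dst = socks4_connect_dstport(buf, len);
        if (dst == 0) return 0;
        conv->connected = 1;
        conv->dst_port = dst;
        return 1;
    }
    return 1 + call_dissector_by_port(ctx, conv, conv->dst_port, buf, len);
}

/* Stand-in for any other port-registered dissector (HTTP, etc.). */
static int dissect_other(dissect_ctx *ctx, socks_conv *conv,
                         const uint8_t *buf, size_t len) {
    (void)ctx; (void)conv; (void)buf; (void)len;
    return 1;
}

/* Port-based dispatch with the guard: refuse to nest deeper than MAX_NESTING
 * and leave a trace on stderr so the condition is visible rather than silent. */
static int call_dissector_by_port(dissect_ctx *ctx, socks_conv *conv,
                                  uint16_t port, const uint8_t *buf, size_t len) {
    if (ctx->depth >= MAX_NESTING) {
        ctx->guard_hits++;
        fprintf(stderr, "nesting limit %d reached for port %u; stopping\n",
                MAX_NESTING, (unsigned)port);
        return 0;
    }
    ctx->depth++;
    if (ctx->depth > ctx->max_depth_seen) ctx->max_depth_seen = ctx->depth;
    int layers = (port == SOCKS_PORT)
                     ? dissect_socks(ctx, conv, buf, len)
                     : dissect_other(ctx, conv, buf, len);
    ctx->depth--;
    return layers;
}

/* Replays the scenario from the report with constructed packets: a SOCKS4
 * CONNECT to dst_port, then one payload packet, both on the SOCKS server port.
 * Returns the number of dissector layers entered for the payload packet and
 * stores how often the guard fired in *guard_hits (if non-NULL). */
int dissect_session(uint16_t dst_port, int *guard_hits) {
    dissect_ctx ctx = {0, 0, 0};
    socks_conv conv = {0, 0};
    uint8_t connect_pkt[] = {4, 1, (uint8_t)(dst_port >> 8), (uint8_t)dst_port,
                             10, 0, 0, 1, 'u', 0};             /* constructed */
    uint8_t payload[] = {'G', 'E', 'T', ' ', '/', '\r', '\n'}; /* constructed */

    call_dissector_by_port(&ctx, &conv, SOCKS_PORT, connect_pkt, sizeof connect_pkt);
    int layers = call_dissector_by_port(&ctx, &conv, SOCKS_PORT, payload, sizeof payload);
    if (guard_hits) *guard_hits = ctx.guard_hits;
    return layers;
}

int main(void) {
    int hits;
    int l = dissect_session(80, &hits);
    printf("dst 80:   %d layer(s), guard fired %d time(s)\n", l, hits);
    l = dissect_session(SOCKS_PORT, &hits);
    printf("dst 1080: %d layer(s), guard fired %d time(s)\n", l, hits);
    return 0;
}
```

With a destination port of 80 the payload passes through two layers (SOCKS, then the stand-in for the next protocol) and the guard never fires; with a destination port of 1080 the dispatch keeps re-selecting dissect_socks until the limit cuts it off after eight layers, which is the bounded version of the loop the report describes. A depth limit of this kind is a blunt instrument; a dissector can also refuse to hand a packet back to its own port, but the counter catches the general case of any cycle through call_next_dissector rather than only the self-referential one.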