Ethereal-dev: Re: [Ethereal-dev] SOCKS decoding (small bug)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gilbert Ramirez <gram@xxxxxxxxxxxxxxx>
Date: Mon, 15 Sep 2003 19:56:32 -0000
On Sun, 2003-09-14 at 05:21, Jerome Delamarche wrote:
> Hello,
> 
> While debugging a SOCKS4 session using Ethereal, I found a bug that
> produces a "heap overflow". Here is how it happens:
> 
> 1) a SOCKS client (v4 or v5) initiates a connection to a SOCKS server. The
> standard server port for SOCKS is 1080.
> 
> 2) in the CONNECT packet, the Client asks for a Destination Port which is
> still 1080 (could be another SOCKS server!)
> 
> 3) the server answers OK
> 
> 4) the client now sends the payload... and Ethereal crashes: it tries to
> decode the payload based on the destination port given in the CONNECT
> packet. Since it is the SOCKS port (1080), it creates an infinite loop that
> includes "dissect_socks()" and "call_next_dissector()".
> 
> Since it creates a heap overflow, IMHO there is no vulnerability here (?)...
> just a bug!
> 
> Ethereal's still a great product - Thanks to all
> 
> Jerome Delamarche
> 

Can you send a capture file with a packet that produces this error?

--gilbert
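A minimal model of the dissector loop Jerome describes, together with the recursion guard that breaks it, as an added example that is not Ethereal's own code: only the names dissect_socks() and call_next_dissector() come from the report; the port table, the depth limit, the return codes and the sample packets are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Simplified model of a port-keyed dissector chain (hypothetical; not Ethereal's code). */
#define SOCKS_PORT        1080
#define HTTP_PORT         80
#define MAX_DISSECT_DEPTH 8            /* hard bound on nested dissector calls */
enum result { DISSECT_OK = 0, DISSECT_UNKNOWN = 1, DISSECT_DEPTH_LIMIT = 2 };
static int depth = 0;                  /* dissector calls currently on the stack */
static int socks_dst_port = 0;         /* destination port taken from the SOCKS4 CONNECT request */
static int call_next_dissector(int port, const uint8_t *buf, size_t len);
/* SOCKS4 CONNECT: VN=4, CD=1, DSTPORT (2 bytes, big-endian), DSTIP (4 bytes), USERID, NUL. */
static int dissect_socks(const uint8_t *buf, size_t len)
{
    if (socks_dst_port == 0) {         /* setup phase: learn the target port */
        if (len < 9 || buf[0] != 4 || buf[1] != 1)
            return DISSECT_UNKNOWN;
        socks_dst_port = (buf[2] << 8) | buf[3];
        return DISSECT_OK;
    }
    /* Data phase: hand the payload to the protocol on the negotiated port. With DSTPORT = 1080
     * that is dissect_socks() again, which is the loop described in the report. */
    return call_next_dissector(socks_dst_port, buf, len);
}
static int call_next_dissector(int port, const uint8_t *buf, size_t len)
{
    int rc;
    if (depth >= MAX_DISSECT_DEPTH)    /* the guard: stop instead of recursing without bound */
        return DISSECT_DEPTH_LIMIT;
    depth++;
    switch (port) {
    case SOCKS_PORT: rc = dissect_socks(buf, len); break;
    case HTTP_PORT:  rc = DISSECT_OK; break;        /* stand-in for an HTTP dissector */
    default:         rc = DISSECT_UNKNOWN; break;
    }
    depth--;
    return rc;
}
/* Replay one session on port 1080: the CONNECT request, then the client's first payload packet. */
int dissect_session(const uint8_t *connect, size_t clen, const uint8_t *payload, size_t plen)
{
    depth = 0; socks_dst_port = 0;
    if (call_next_dissector(SOCKS_PORT, connect, clen) != DISSECT_OK)
        return DISSECT_UNKNOWN;
    return call_next_dissector(SOCKS_PORT, payload, plen);
}
/* Constructed sample packets: CONNECT to 10.0.0.1:1080 (the report's case) and to 10.0.0.1:80. */
const uint8_t connect_1080[] = {4, 1, 0x04, 0x38, 10, 0, 0, 1, 0};
const uint8_t connect_80[]   = {4, 1, 0x00, 0x50, 10, 0, 0, 1, 0};
const uint8_t payload[]      = "GET / HTTP/1.0\r\n";
```

With connect_1080 the session returns DISSECT_DEPTH_LIMIT after eight nested calls instead of recursing until the stack is exhausted; with connect_80 the payload reaches the HTTP stand-in normally.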