Wireshark · Ethereal-users: [Ethereal-users] SOCKS decoding (small) bug

Ethereal-users: [Ethereal-users] SOCKS decoding (small) bug

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Jerome Delamarche" <jd@xxxxxxxxxxxxx>

Date: Sat, 13 Sep 2003 22:56:01 +0200

Hello,

During a SOCKS4 session debugging using Ethereal, I found a bug that
produces a "heap overflow". Here is how it comes:

1) a SOCKS client (v4 or v5) initiates a connection to a SOCKS server. The
standard server port for SOCKS is 1080.

2) in the CONNECT packet, the Client asks for a Destination Port which is
still 1080 (could be another SOCKS server !)

3) the server answers OK

4) the client now sends the payload.... and Ethereal crashes: it tries to
decode the payload based on the destination port given in the CONNECT
packet. Since it is the SOCKS port (1080), it creates an infinite loop that
includes "dissect_socks()" and "call_next_dissector()".

Since it creates a heap overflow, IMHO there is no vulnerability here (?)...
just a bug !

Ethereal's still a great product - Thanks to all

Jerome Delamarche

Prev by Date: Re: [Ethereal-users] Ethereal installation on Mac OS X--will not execute
Next by Date: RE: [Ethereal-users] Automation of Ethereal
Previous by thread: RE: [Ethereal-users] Multiple displays
Next by thread: [Ethereal-users] Problems with PCMCIA interfaces on an IBM laptop
Index(es):
- Date
- Thread