Thread: Flaws in Ethereal

  1. #1
    Senior Member
    Join Date
    Feb 2004

    Flaws in Ethereal

    Did not see this posted elsewhere, described as critical.

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Well, if anybody didn't, they had better find out now:

    Ethereal 0.10.0-0.10.2 IGAP Overflow Remote Root Exploit

    * Ethereal IGAP Dissector Message Overflow Remote Root exploit
    * Copyright 2004 - EOS-India Group
    * Authors note:
    * Shellcode splitting technique:
    * Due to difficulty involved while following normal exploitation techniques due to shortage of memory space
    * for our shellcode, we used the technique of shellcode splitting. In this technique one part of the shellcode
    * is kept before the buffer which overwrites the saved EIP on stack followed by a jmp OFFSET instruction which
    * jumps EIP to the second half of the shellcode which is kept after return address. Also since our shellcode
    * requires EBP to contain a usable stack address, we overwrite saved EBP also.
    * Disclaimer:
    * This code is for educational purpose and testing only. The Eye on Security Research Group - India, cannot
    * be held responsible for any damage caused due to misuse of this code.
    * This code is a proof of concept exploit for a serious vulnerability that exists in Ethereal 0.10.0 to
    * Ethereal 0.10.2.
    x86 linux portbind a shell in port 31337
    based on shellcode from
    with a few modifications by us

    this was released today on "that french" security site

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Note to everybody who doesn't realise this:

    Vulnerabilities in Ethereal are not as serious as they may sound. There are many mitigating factors:

    1. An attacker needs to know that you are running Ethereal in the first place
    2. Most people only run Ethereal occasionally (i.e. while diagnosing network problems)
    3. An attacker also needs to know where you're running Ethereal and be able to route packets of the specified type to the host.
    4. Unless it's a really common type of protocol, it will probably be blocked by the firewall
    5. If the user has used capture filters in Ethereal which filter out the attacker's packets, they won't be vulnerable anyway.


  4. #4
    Join Date
    Apr 2003
    I don't really know much about this kind of thing, but wouldn't it be kind of hard to get the dodgy packets to Ethereal if a firewall between the network and the internet was properly configured?
