An Ethereal Security Advisory reports:
An aggressive testing program as well as independent
discovery has turned up a multitude of security issues:
- The ANSI A dissector was susceptible to format string
vulnerabilities. Discovered by Bryan Fulton.
- The GSM MAP dissector could crash.
- The AIM dissector could cause a crash.
- The DISTCC dissector was susceptible to a buffer
overflow. Discovered by Ilja van Sprundel.
- The FCELS dissector was susceptible to a buffer
overflow. Discovered by Neil Kettle.
- The SIP dissector was susceptible to a buffer
overflow. Discovered by Ejovi Nuwere.
- The KINK dissector was susceptible to a null pointer
exception, endless looping, and other problems.
- The LMP dissector was susceptible to an endless
loop.
- The Telnet dissector could abort.
- The TZSP dissector could cause a segmentation
fault.
- The WSP dissector was susceptible to a null pointer
exception and assertions.
- The 802.3 Slow protocols dissector could throw an
assertion.
- The BER dissector could throw assertions.
- The SMB Mailslot dissector was susceptible to a null
pointer exception and could throw assertions.
- The H.245 dissector was susceptible to a null pointer
exception.
- The Bittorrent dissector could cause a segmentation
fault.
- The SMB dissector could cause a segmentation fault and
throw assertions.
- The Fibre Channel dissector could cause a crash.
- The DICOM dissector could attempt to allocate large
amounts of memory.
- The MGCP dissector was susceptible to a null pointer
exception, could loop indefinitely, and segfault.
- The RSVP dissector could loop indefinitely.
- The DHCP dissector was susceptible to format string
vulnerabilities, and could abort.
- The SRVLOC dissector could crash unexpectedly or go
into an infinite loop.
- The EIGRP dissector could loop indefinitely.
- The ISIS dissector could overflow a buffer.
- The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explicit,
PKIX Qualified, and X.509 dissectors could overflow
buffers.
- The NDPS dissector could exhaust system memory or
cause an assertion, or crash.
- The Q.931 dissector could try to free a null pointer
and overflow a buffer.
- The IAX2 dissector could throw an assertion.
- The ICEP dissector could try to free the same memory
twice.
- The MEGACO dissector was susceptible to an infinite
loop and a buffer overflow.
- The DLSw dissector was susceptible to an infinite
loop.
- The RPC dissector was susceptible to a null pointer
exception.
- The NCP dissector could overflow a buffer or loop for
a large amount of time.
- The RADIUS dissector could throw an assertion.
- The GSM dissector could access an invalid
pointer.
- The SMB PIPE dissector could throw an assertion.
- The L2TP dissector was susceptible to an infinite loop.
- The SMB NETLOGON dissector could dereference a null
pointer.
- The MRDISC dissector could throw an assertion.
- The ISUP dissector could overflow a buffer or cause a
segmentation fault.
- The LDAP dissector could crash.
- The TCAP dissector could overflow a buffer or throw an
assertion.
- The NTLMSSP dissector could crash.
- The Presentation dissector could overflow a
buffer.
- Additionally, a number of dissectors could throw an
assertion when passing an invalid protocol tree item
length.