Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:3045 |
Message | NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in Ethereal. |
Impact | Serious. Denial of Service (DoS). |
Detailed Information | Ethereal is a multi-platform network protocol analyser capable of displaying network data to the user in a graphical user interface. An error in the processing of access control lists (ACLs) concerning the size of the access control entries (ACEs) may lead to a Denial of Service (DoS) condition in Ethereal. The ACL parsing routine trusts the size of the ACE given in the packet during processing. If a sufficiently large ACL structure is supplied combined with a specified ACE size of 0, it is possible to cause the DoS condition to occur. |
Affected Systems | Ethereal 0.10.7 and prior |
Attack Scenarios | An attacker needs to craft packet data containing large NT ACLs, the attacker then needs to specify one of the ACEs as having a size of 0. |
Ease of Attack | Moderate. |
Corrective Action | Apply the appropriate vendor supplied patch Upgrade to the latest non-affected version of the software. |
Additional References |
--
DID:510426
--
http://www.aanval.com/