Intrusion Prevention
Ethereal.SOCKS.Dissector.Buffer.Overflow
Description
This indicates an attack attempt to exploit a Format String vulnerability in Ethereal/Wireshark.
The vulnerability is due to an input validation error when handling SOCKS protocol packets. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via crafted packets.
Affected Products
Ethereal Group Ethereal 0.9.8
Ethereal Group Ethereal 0.9.7
Ethereal Group Ethereal 0.9.6
Ethereal Group Ethereal 0.9.5
Ethereal Group Ethereal 0.9.4
Ethereal Group Ethereal 0.9.3
Ethereal Group Ethereal 0.9.2
Ethereal Group Ethereal 0.9.1
Ethereal Group Ethereal 0.9.0
Ethereal Group Ethereal 0.8.18
Ethereal Group Ethereal 0.9.9
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version of Ethereal (now known as Wireshark):
https://www.wireshark.org/download.html