多个Sniffer供应商DNS解码漏洞

漏洞信息详情

多个Sniffer供应商DNS解码漏洞

• CNNVD编号：CNNVD-199905-054
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2000-0333
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  1999-05-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-05
  
• 厂        商：
  
  ethereal_group
• 漏洞来源：
  This vulnerability…

tcpdump， Ethereal， 和其他 sniffer 包中存在漏洞。远程攻击者通过一个跳转偏移指向自身的畸形DNS数据包导致拒绝服务，这将导致tcpdump程序在解压NDS数据包时进入一个无限循环。

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Upgrading to 0.8.7 of Ethereal will solve this problem
The current tree of tcpdump has a fix in place; this fix is not present in the 3.5 alpha tree, however.
The author of this vulnerability suggests replacing the ns_nprint function with the following:
static const u_char *
ns_nprint(register const u_char *cp, register const u_char *bp)
{
register u_int i,j;
register const u_char *rp;
register int compress;

i = *cp++;
j = 0;
rp = cp + i;
if ((i & INDIR_MASK) == INDIR_MASK) {
rp = cp + 1;
compress = 1;
} else
compress = 0;
if (i != 0)
while ((i && cp < snapend) && (j<256)) {
j++;
if ((i & INDIR_MASK) == INDIR_MASK) {
cp = bp + (((i << 8) | *cp) & 0x3fff);
i = *cp++;
continue;
}
if (fn_printn(cp, i, snapend))
break;
cp += i;
putchar(‘.’);
i = *cp++;
if (!compress)
rp += i + 1;
}
else
putchar(‘.’);
return (rp);
}

来源: BID
名称: 1165
链接:http://www.securityfocus.com/bid/1165

来源: BUGTRAQ
名称: 20000502 Denial of service attack against tcpdump
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.10.10005021942380.2077-100000@paranoia.pgci.ca