On Sun, 2003-09-14 at 05:21, Jerome Delamarche wrote:
> Hello,
>
> During a SOCKS4 session debugging using Ethereal, I found a bug that
> produces a "heap overflow". Here is how it comes:
>
> 1) a SOCKS client (v4 or v5) initiates a connection to a SOCKS server. The
> standard server port for SOCKS is 1080.
>
> 2) in the CONNECT packet, the Client asks for a Destination Port which is
> still 1080 (could be another SOCKS server !)
>
> 3) the server answers OK
>
> 4) the client now sends the payload.... and Ethereal crashes: it tries to
> decode the payload based on the destination port given in the CONNECT
> packet. Since it is the SOCKS port (1080), it creates an infinite loop that
> includes "dissect_socks()" and "call_next_dissector()".
>
> Since it creates a heap overflow, IMHO there is no vulnerability here (?)...
> just a bug !
>
> Ethereal's still a great product - Thanks to all
>
> Jerome Delamarche
Can you send a capture file with a packet that produces this error? --gilbert
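The loop Jerome describes is a port-keyed dispatch that maps the CONNECT destination port back onto the SOCKS dissector itself. The following C model is an added illustration, not Ethereal's code: the function names, the `socks_conv_t` session record, the `MAX_NEST_DEPTH` budget and the sample payload are all assumed, and it shows the one-line nesting guard that turns unbounded recursion into a refused dissection.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model of a port-keyed dissector dispatch; not Ethereal's API. */
#define SOCKS_PORT      1080
#define MAX_NEST_DEPTH  4     /* assumed recursion budget per packet */

typedef struct {
    uint16_t dst_port;   /* destination port taken from the SOCKS CONNECT request */
} socks_conv_t;

static int dissect_by_port(uint16_t port, const socks_conv_t *conv,
                           const uint8_t *payload, size_t len, int depth);

/* Leaf dissector for any non-SOCKS port: counts as one invocation. */
static int dissect_generic(const uint8_t *payload, size_t len, int depth) {
    (void)payload; (void)len; (void)depth;
    return 1;
}

/* SOCKS payload dissector: after CONNECT succeeded, hand the payload to the
 * dissector registered for the destination port, as in the bug report.
 * Returns the number of nested dissector invocations, or -1 if the guard fired. */
static int dissect_socks(const socks_conv_t *conv, const uint8_t *payload,
                         size_t len, int depth) {
    int inner = dissect_by_port(conv->dst_port, conv, payload, len, depth);
    return inner < 0 ? -1 : inner + 1;
}

static int dissect_by_port(uint16_t port, const socks_conv_t *conv,
                           const uint8_t *payload, size_t len, int depth) {
    /* Guard: a destination port of 1080 would select dissect_socks again and
     * again; refuse to nest past the budget instead of recursing forever. */
    if (depth >= MAX_NEST_DEPTH)
        return -1;
    if (port == SOCKS_PORT)
        return dissect_socks(conv, payload, len, depth + 1);
    return dissect_generic(payload, len, depth + 1);
}

/* Entry point for one payload segment of an established SOCKS session. */
int dissect_socks_payload(uint16_t connect_dst_port, const uint8_t *payload, size_t len) {
    socks_conv_t conv = { connect_dst_port };
    return dissect_socks(&conv, payload, len, 0);
}

int main(void) {
    static const uint8_t payload[] = { 'G', 'E', 'T', ' ', '/', ' ' };  /* constructed */
    printf("dst 80:   %d\n", dissect_socks_payload(80, payload, sizeof payload));   /* 2 */
    printf("dst 1080: %d\n", dissect_socks_payload(1080, payload, sizeof payload)); /* -1 */
    return 0;
}
```

With a destination port of 80 the payload reaches the generic dissector after one SOCKS layer; with 1080 the chain is cut at the depth budget and reported as undissectable rather than crashing the process.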
