Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:3047 |
| Message | NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in Ethereal. |
| Impact | Serious. Denial of Service (DoS). |
| Detailed Information | Ethereal is a multi-platform network protocol analyser capable of displaying network data to the user in a graphical user interface. An error in the processing of access control lists (ACLs) concerning the size of the access control entries (ACEs) may lead to a Denial of Service (DoS) condition in Ethereal. The ACL parsing routine trusts the size of the ACE given in the packet during processing. If a sufficiently large ACL structure is supplied combined with a specified ACE size of 0, it is possible to cause the DoS condition to occur. |
| Affected Systems | Ethereal 0.10.7 and prior |
| Attack Scenarios | An attacker needs to craft packet data containing large NT ACLs, the attacker then needs to specify one of the ACEs as having a size of 0. |
| Ease of Attack | Moderate. |
| Corrective Action | Apply the appropriate vendor supplied patch Upgrade to the latest non-affected version of the software. |
| Additional References |
--
DID:694563
--
http://www.aanval.com/