GEN:SID 1:2463
Message EXPLOIT IGMP IGAP message overflow attempt
Summary This event is generated when an attempt is made to exploit a buffer overflow
associated with the Ethereal decode of the Internet Group membership Authentication
Protocol (IGAP).
Impact A successful attack may allow the execution of arbitrary code as root or
LOCAL_SYSTEM privilege on a vulnerable host.
Detailed Information There is a vulnerability associated with particular versions of Ethereal that
may cause a buffer overflow when a malformed IGAP packet is decoded using Ethereal
or tethereal.  This may permit the execution of arbitrary code with root or
LOCAL_SYSTEM privilege.  The buffer overflow occurs when a larger than expected
Message Size value is discovered in the IGAP payload.
Affected Systems Any host running Ethereal/tethereal versions 0.10.0 - 0.10.2.
Attack Scenarios An attacker can create and send a malformed IGAP packet, and if decoded by
a vulnerable version of Ethereal/tethereal, can cause a buffer overflow and the
subsequent execution of arbitrary code.
Ease of Attack Simple. Exploit code is available.
Corrective Action Update to version 0.10.3 of Ethereal.
Additional References  
Rule References bugtraq: 9952
cve: 2004-0176
cve: 2004-0367