Debian: 'ethereal' buffer overflow

    Date22 Nov 2000
    CategoryDebian
    2704
    Posted ByLinuxSecurity Advisories
    hacksware reported a buffer overflow in the AFS packet parsing code inethereal.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory                             This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                         Wichert Akkerman
    November 22, 2000
    - ------------------------------------------------------------------------
    
    
    Package        : ethereal
    Problem type   : remote exploit
    Debian-specific: no
    
    hacksware reported a buffer overflow in the AFS packet parsing code in
    ethereal. Gerald Combs then found more overflows in the netbios and ntp
    decoding logic as well. An attacker can exploit those overflows by
    sending carefully crafted packets to a network that is being monitored
    by ethereal.
    
    This has been fixed in version 0.8.0-2potato and we recommend you
    upgrade your ethereal package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
      Packages for m68k are not available at this momemt; when they
      become available they will be announced on  http://security.debian.org/
    
      Source archives:
        
    http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0-2potato.diff.gz
          MD5 checksum: f82bd9c0d58077d360cc371e5cdc5de0
        
    http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0-2potato.dsc
          MD5 checksum: 01311d5c1a0e5facf93565970dcec04b
        
    http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0.orig.tar.gz
          MD5 checksum: 297ae32cc23a154497dad6a1f964bdb1
    
      Alpha architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-alpha/ethereal_0.8.0-2potato_alpha.deb
          MD5 checksum: 82f6fd38b2e7cab8b867ac52dae895fd
    
      ARM architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-arm/ethereal_0.8.0-2potato_arm.deb
          MD5 checksum: 0a704256847208f89811650cc964644b
    
      Intel ia32 architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-i386/ethereal_0.8.0-2potato_i386.deb
          MD5 checksum: e388da4ca483cf327dc784c1193d86f3
    
      PowerPC architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/ethereal_0.8.0-2potato_powerpc.deb
          MD5 checksum: 530905f2a5fa5a62ebad6207aec91588
    
      Sun Sparc architecture:
        
    http://security.debian.org/dists/stable/updates/main/binary-sparc/ethereal_0.8.0-2potato_sparc.deb
          MD5 checksum: 30a1e8df61a40ede30a005ad12d43fef
    
      These files will be moved into
       ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    - -- 
    - ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.