Debian: ethereal buffer overflow

    Date: 06 Sep 2002
    Category: Debian
    Posted By: LinuxSecurity Advisories
    It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 162-1
    http://www.debian.org/security/                             Martin Schulze
    September 6th, 2002                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : ethereal
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE Id         : CAN-2002-0834
    BugTraq Id     : 5573
    
    Ethereal developers discovered a buffer overflow in the ISIS protocol
    dissector.  It may be possible to make Ethereal crash or hang by
    injecting a purposefully malformed packet onto the wire, or by
    convincing someone to read a malformed packet trace file.  It may be
    possible to make Ethereal run arbitrary code by exploiting the buffer
    and pointer problems.
    
    This problem has been fixed in version 0.9.4-1woody2 for the current
    stable distribution (woody), in version 0.8.0-4potato.1 for
    the old stable distribution (potato) and in version 0.9.6-1 for the
    unstable distribution (sid).
    
    We recommend that you upgrade your ethereal packages.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/