Debian: 'ethereal' buffer/integer overflows

    Date11 Jun 2003
    CategoryDebian
    2778
    Posted ByLinuxSecurity Advisories
    Timo Sirainen discovered several vulnerabilities in ethereal, a network traffic analyzer. These include one-byte buffer overflows in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors, and integer overflows in the Mount and PPP dissectors.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 313-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                             Matt Zimmerman
    June 11th, 2003                          http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : ethereal
    Vulnerability  : buffer overflows, integer overflows
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2003-0356 CAN-2003-0357
    
    Timo Sirainen discovered several vulnerabilities in ethereal, a
    network traffic analyzer.  These include one-byte buffer overflows in
    the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB,
    SMPP, and TSP dissectors, and integer overflows in the Mount and PPP
    dissectors.
    
    For the stable distribution (woody) these problems have been fixed in
    version 0.9.4-1woody4.
    
    The old stable distribution (potato) does not appear to contain these
    vulnerabilities.
    
    For the unstable distribution (sid) these problems are fixed in version
    0.9.12-1.
    
    We recommend that you update your ethereal package.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.dsc
          Size/MD5 checksum:      679 a6456b3e20f44a3f53256bf722c010cd
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.diff.gz
          Size/MD5 checksum:    31800 160670a883256ee0d40066424ffc527a
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
          Size/MD5 checksum:  3278908 42e999daa659820ee93aaaa39ea1e9ea
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_alpha.deb
          Size/MD5 checksum:  1939098 67c1fd2e2851976aef3db87a2d128484
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_alpha.deb
          Size/MD5 checksum:   333810 c239ee7f87136dd0d7750996a702b387
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_alpha.deb
          Size/MD5 checksum:   221594 9b6bad1bd7d23ec7c54c40ec336e5edd
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_alpha.deb
          Size/MD5 checksum:  1706008 5ac67ca2d0530676c41563dae337a0e4
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_arm.deb
          Size/MD5 checksum:  1633108 73c97178ef157e709fcc36753a1ea85c
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_arm.deb
          Size/MD5 checksum:   296662 0a9bec8514d203e90c712b12ef19de25
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_arm.deb
          Size/MD5 checksum:   205452 9641c7fa333a0ce2f33bf38a78640351
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_arm.deb
          Size/MD5 checksum:  1437636 4286845b2a848f4d293c1be807d62446
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_i386.deb
          Size/MD5 checksum:  1511802 4e554f6ef3da40ac3215099141e7c10b
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_i386.deb
          Size/MD5 checksum:   285948 df25b50bfa385f84b091227df926bc0f
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_i386.deb
          Size/MD5 checksum:   197860 6eb91acb63bd5e3938cdb186b507dd38
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_i386.deb
          Size/MD5 checksum:  1324426 96887c970d1725be47988c498708762f
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_ia64.deb
          Size/MD5 checksum:  2148676 f39ffacba60f1f2a132750d76cb972b7
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_ia64.deb
          Size/MD5 checksum:   372650 866ee108f08e625d3981362726d9799a
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_ia64.deb
          Size/MD5 checksum:   233180 e125fa9dc0e59d7d14d43505ffe05368
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_ia64.deb
          Size/MD5 checksum:  1858536 904fce57cb39662e9560f0143d326bb8
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_hppa.deb
          Size/MD5 checksum:  1802046 d5114f9632deea43ba5f99ff79a67db3
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_hppa.deb
          Size/MD5 checksum:   321802 33656ff4dbd495d3c8f1dc9ed6c798ff
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_hppa.deb
          Size/MD5 checksum:   216336 34bbb2832844a7bb83fcff37cae852c0
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_hppa.deb
          Size/MD5 checksum:  1574474 da9563f1c19e93d7f68caf369540af35
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_m68k.deb
          Size/MD5 checksum:  1422378 43efc6d431fc6d8c7587e18bd24fe8f2
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_m68k.deb
          Size/MD5 checksum:   282076 2d3fc00fe2260fb85062c0d8697f5a31
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_m68k.deb
          Size/MD5 checksum:   194600 ffe9f83876b5a9ac1c4527057e76f2a5
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_m68k.deb
          Size/MD5 checksum:  1246858 b9e8b7a88e11032e86697ca1570322f4
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mips.deb
          Size/MD5 checksum:  1615618 6075fa7c13fa8ca8f3dc7258be8352d7
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mips.deb
          Size/MD5 checksum:   304780 9f9632fc4b81f7091a3d06821188f8d1
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mips.deb
          Size/MD5 checksum:   213104 f006c9731d11e3a04dbeca5c3590a15f
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mips.deb
          Size/MD5 checksum:  1420708 45f88bb1c3af5021ecc06cce889cc752
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mipsel.deb
          Size/MD5 checksum:  1596150 3448b7e38f8cb465b10e24aff4cf0194
     
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mipsel.deb
          Size/MD5 checksum:   304294 eb86e3592b8d655e6365e3633784eed1
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mipsel.deb
          Size/MD5 checksum:   212736 27602ffe5022eaa068cb72d2df940d13
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mipsel.deb
          Size/MD5 checksum:  1404954 3e5de4a79c1b139c3b2f0ae179469be7
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_powerpc.deb
          Size/MD5 checksum:  1616730 f14611ce9d14d7dd4bdb68f944ff9d1b
        
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_powerpc.deb
          Size/MD5 checksum:   301440 2c0628a56ff3695877daf9f31dffc1ee
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_powerpc.deb
          Size/MD5 checksum:   208310 fce4f437ba8aaf2e258eaf322de1d070
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_powerpc.deb
          Size/MD5 checksum:  1417094 0d39172de87a53c1f048113606acaa01
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_s390.deb
          Size/MD5 checksum:  1573090 d6aa9760cfcf8e50085fbad1ac1c519a
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_s390.deb
          Size/MD5 checksum:   300270 17aee5bcac8c012541f30dc6fb594563
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_s390.deb
          Size/MD5 checksum:   203304 c6a7ea1eacb1d13748eaeeb54357b203
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_s390.deb
          Size/MD5 checksum:  1385758 d529f4ca3dd4c9275947beb24b462057
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_sparc.deb
          Size/MD5 checksum:  1580628 d29f917e447c05e878dc0d5133a6253e
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_sparc.deb
          Size/MD5 checksum:   317574 64bff1a09c7120f16d1ace0857b285d7
         http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_sparc.deb
          Size/MD5 checksum:   204094 1af2856d9cb07f3fb680a6891217b4b7
         http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_sparc.deb
          Size/MD5 checksum:  1387272 1b9ce45f55bdbf9ce990a058b0318c12
    
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"67","type":"x","order":"1","pct":57.26,"resources":[]},{"id":"88","title":"Should be more technical","votes":"16","type":"x","order":"2","pct":13.68,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"34","type":"x","order":"3","pct":29.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.