Linux Security

    Debian: ethereal Multiple remote vulnerabilities

    Several of the packet dissectors in ethereal contain string handling bugs which could be exploited using a maliciously crafted packet to cause ethereal to consume excessive amounts of memory, crash, or execute arbitrary code.
    Debian Security Advisory DSA 324-1                     Matt Zimmerman
    June 18th, 2003                
    Package        : ethereal
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2003-0428 CAN-2003-0429 CAN-2003-0431 CAN-2003-0432
    Several of the packet dissectors in ethereal contain string handling
    bugs which could be exploited using a maliciously crafted packet to
    cause ethereal to consume excessive amounts of memory, crash, or
    execute arbitrary code.
    These vulnerabilities were announced in the following Ethereal security

    Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the
    problems described in the advisory, including:
        * The DCERPC dissector could try to allocate too much memory
          while trying to decode an NDR string.
        * Bad IPv4 or IPv6 prefix lengths could cause an overflow in the
          OSI dissector.
        * The tvb_get_nstringz0() routine incorrectly handled a
          zero-length buffer size.
        * The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, and ISIS
          dissectors handled strings improperly.
    The following problems do NOT affect this version:
        * The SPNEGO dissector could segfault while parsing an invalid
          ASN.1 value.
        * The RMI dissector handled strings improperly
    as these modules are not present.
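An added illustration of the zero-length buffer case listed above for tvb_get_nstringz0(), not taken from the advisory or from Ethereal's source: a bounded, always-terminating string copy in its unchecked and checked forms. The function names, signatures and packet bytes are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/* Unsafe pattern, for contrast only (never called): with bufsize == 0,
 * bufsize - 1 wraps to SIZE_MAX, so the copy is no longer bounded by buf. */
size_t copy_unchecked(char *buf, size_t bufsize,
                      const unsigned char *pkt, size_t pktlen)
{
    size_t n;
    for (n = 0; n < bufsize - 1 && n < pktlen && pkt[n] != '\0'; n++)
        buf[n] = (char)pkt[n];
    buf[n] = '\0';
    return n;
}

/* Hardened: refuse a zero-length buffer before any arithmetic, never read
 * past pktlen, always terminate inside buf. Returns 0, or -1 on bad
 * arguments; *copied receives the string length. */
int copy_checked(char *buf, size_t bufsize,
                 const unsigned char *pkt, size_t pktlen, size_t *copied)
{
    size_t n;
    if (buf == NULL || pkt == NULL || copied == NULL || bufsize == 0)
        return -1;
    for (n = 0; n < bufsize - 1 && n < pktlen && pkt[n] != '\0'; n++)
        buf[n] = (char)pkt[n];
    buf[n] = '\0';
    *copied = n;
    return 0;
}

/* Constructed sample: an unterminated 8-byte field. Returns how many of the
 * three cases behaved as expected. */
int run_constructed_cases(void)
{
    const unsigned char pkt[8] = { 'E','T','H','E','R','E','A','L' };
    char buf[4];
    size_t n = 99;
    int ok = 0;
    /* zero-length buffer: refused, n left untouched */
    ok += copy_checked(buf, 0, pkt, sizeof pkt, &n) == -1 && n == 99;
    /* long field: truncated to bufsize - 1 and terminated */
    ok += copy_checked(buf, sizeof buf, pkt, 8, &n) == 0 && !strcmp(buf, "ETH");
    /* short packet: stops at pktlen, not at a missing NUL */
    ok += copy_checked(buf, sizeof buf, pkt, 2, &n) == 0 && !strcmp(buf, "ET");
    return ok;
}

int main(void) { return run_constructed_cases() == 3 ? 0 : 1; }
```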
    For the stable distribution (woody) these problems have been fixed in
    version 0.9.4-1woody5.
    For the old stable distribution (potato) these problems will be fixed in a
    future advisory.
    For the unstable distribution (sid) these problems are fixed in
    version 0.9.13-1.
    We recommend that you update your ethereal package.
    Upgrade Instructions
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    These files will probably be moved into the stable distribution on its
    next revision.
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and

