Debian: ethereal Multiple remote vulnerabilities

    Date: 18 Jun 2003
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Several of the packet dissectors in ethereal contain string handling bugs which could be exploited using a maliciously crafted packet to cause ethereal to consume excessive amounts of memory, crash, or execute arbitrary code.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 324-1
    http://www.debian.org/security/                             Matt Zimmerman
    June 18th, 2003                          http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : ethereal
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2003-0428 CAN-2003-0429 CAN-2003-0431 CAN-2003-0432
    
    Several of the packet dissectors in ethereal contain string handling
    bugs which could be exploited using a maliciously crafted packet to
    cause ethereal to consume excessive amounts of memory, crash, or
    execute arbitrary code.
    
    These vulnerabilities were announced in the following Ethereal security
    advisory:
     
    http://www.ethereal.com/appnotes/enpa-sa-00010.html
    
    Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the
    problems described in the advisory, including:
    
        * The DCERPC dissector could try to allocate too much memory
          while trying to decode an NDR string.
        * Bad IPv4 or IPv6 prefix lengths could cause an overflow in the
          OSI dissector.
        * The tvb_get_nstringz0() routine incorrectly handled a
          zero-length buffer size.
        * The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, and ISIS
          dissectors handled strings improperly.
    
    The following problems do NOT affect this version:
    
        * The SPNEGO dissector could segfault while parsing an invalid
          ASN.1 value.
        * The RMI dissector handled strings improperly.
    
    as these modules are not present.
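
The prefix-length and zero-length-buffer items above both come down to a size value that is used before it is validated. The following is an added illustration, not code from Ethereal or from this advisory; `decode_prefix` and `copy_stringz` are hypothetical helpers, and the advisory does not describe the faulty code itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helpers for illustration; not code from Ethereal. */

/* Decode a prefix whose length in bits (plen) is read from the packet into
 * an address of addr_len bytes (4 for IPv4, 16 for IPv6).
 * Returns the number of prefix bytes consumed, or -1 if malformed. */
int decode_prefix(const uint8_t *pkt, size_t pkt_len, unsigned plen,
                  uint8_t *addr, size_t addr_len)
{
    size_t nbytes;

    if (addr_len != 4 && addr_len != 16)
        return -1;
    if (plen > addr_len * 8)      /* untrusted length wider than the address */
        return -1;
    nbytes = (plen + 7) / 8;      /* bits to whole bytes, rounded up */
    if (nbytes > pkt_len)         /* never read past the captured data */
        return -1;
    memset(addr, 0, addr_len);    /* host bits stay zero */
    memcpy(addr, pkt, nbytes);
    if (plen % 8)                 /* clear bits beyond the prefix */
        addr[nbytes - 1] &= (uint8_t)(0xFF << (8 - plen % 8));
    return (int)nbytes;
}

/* Copy a NUL-terminated packet string into buf, always terminating it.
 * Returns the number of characters copied, or -1 when bufsize is 0: there is
 * no room for the terminator, and bufsize - 1 would wrap to SIZE_MAX. */
int copy_stringz(const uint8_t *pkt, size_t pkt_len, char *buf, size_t bufsize)
{
    size_t i, limit;

    if (bufsize == 0)
        return -1;
    limit = (bufsize - 1 < pkt_len) ? bufsize - 1 : pkt_len;
    for (i = 0; i < limit && pkt[i] != '\0'; i++)
        buf[i] = (char)pkt[i];
    buf[i] = '\0';
    return (int)i;
}
```

Without the `plen > addr_len * 8` check, the `memcpy` length is chosen by the packet rather than by the destination size, which is the overflow pattern the advisory describes for bad prefix lengths.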
    
    For the stable distribution (woody) these problems have been fixed in
    version 0.9.4-1woody5.
    
    For the old stable distribution (potato) these problems will be fixed in a
    future advisory.
    
    For the unstable distribution (sid) these problems are fixed in
    version 0.9.13-1.
    
    We recommend that you update your ethereal package.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
    These files will probably be moved into the stable distribution on its
    next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/