Tag: Security, Security / Home

Security

NAVIGATION
CATEGORIES
REFERRENCE
LINKS
Home » Security

  • Ethereal: Numerous vulnerabilities

    0 answers - 3751 bytes - related search similar search Add To My Delicious Add To My Stumble Upon Add To My Google Mark Add To My Facebook Add To My Digg Add To My Reddit

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 200505-03
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Severity: High
    Title: Ethereal: Numerous vulnerabilities
    Date: May 06, 2005
    Bugs: #90539
    ID: 200505-03
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Synopsis
    Ethereal is vulnerable to numerous vulnerabilities potentially
    resulting in the execution of arbitrary code or abnormal termination.
    Background
    Ethereal is a feature rich network protocol analyzer.
    Affected packages
    Package / Vulnerable / Unaffected
    1 net-analyzer/ethereal < 0.10.11 >= 0.10.11
    Description
    There are numerous vulnerabilities in versions of Ethereal prior to
    0.10.11, including:
    * The ANSI A and DHCP dissectors are vulnerable to format string
    vulnerabilities.
    * The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, CSP,
    PKIX1Explitit, PKIX Qualified, X.509, Q.931, MEGAC, NCP, ISUP, TCAP
    and Presentation dissectors are vulnerable to buffer overflows.
    * The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB
    NETLGN dissectors are vulnerable to pointer handling errors.
    * The LMP, KINK, MGCP, RSVP, SRVLC, EIGRP, MEGAC, DLSw, NCP and
    L2TP dissectors are vulnerable to looping problems.
    * The Telnet and DHCP dissectors could abort.
    * The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause a
    segmentation fault.
    * The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2,
    RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw assertions.
    * The DICM, NDPS and ICEP dissectors are vulnerable to memory
    handling errors.
    * The GSM MAP, AIM, Fibre Channel,SRVLC, NDPS, LDAP and NTLMSSP
    dissectors could terminate abnormallly.
    Impact
    An attacker might be able to use these vulnerabilities to crash
    Ethereal and execute arbitrary code with the permissions of the user
    running Ethereal, which could be the root user.
    Workaround
    There is no known workaround at this time.
    Resolution
    All Ethereal users should upgrade to the latest version:
    # emerge
    # emerge ">=net-analyzer/ethereal-0.10.11"
    References
    [ 1 ] Ethereal enpa-sa-00019
    [ 2 ] CAN-2005-1456
    [ 3 ] CAN-2005-1457
    [ 4 ] CAN-2005-1458
    [ 5 ] CAN-2005-1459
    [ 6 ] CAN-2005-1460
    [ 7 ] CAN-2005-1461
    [ 8 ] CAN-2005-1462
    [ 9 ] CAN-2005-1463
    [ 10 ] CAN-2005-1464
    [ 11 ] CAN-2005-1465
    [ 12 ] CAN-2005-1466
    [ 13 ] CAN-2005-1467
    [ 14 ] CAN-2005-1468
    [ 15 ] CAN-2005-1469
    [ 16 ] CAN-2005-1470
    Availability
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    Concerns?
    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users machines is of utmost
    importance to us. Any security concerns should be addressed to
    security (AT) gentoo (DOT) org or alternatively, you may file a bug at
    http://bugs.gentoo.org.
    License
    Copyright 2005 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).
    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.
    PGP SIGNATURE
    Version: GnuPG v1.4.1 (GNU/Linux)
    LmHlkTxV6tAkzYx5HYzasJw=
    =ocKT
    PGP SIGNATURE

Re: Ethereal: Numerous vulnerabilities


max 4000 letters.
Your nickname that display:
In order to stop the spam: 2 + 1 =
QUESTION ON "Security"

EMSDN.COM