Gentoo Archives: gentoo-announce

From: Kurt Lieber <klieber@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 200403-07 ] Multiple remote overflows and vulnerabilities in Ethereal
Date: Mon, 29 Mar 2004 08:47:57
Message-Id: 20040329083755.GF24315@mail.lieber.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200403-07
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Multiple remote overflows and vulnerabilities in Ethereal
9 Date: March 28, 2004
10 Bugs: #45543
11 ID: 200403-07
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Mulitple overflows and vulnerabilities exist in Ethereal which may
19 allow an attacker to crash the program or run arbitrary code.
20
21 Background
22 ==========
23
24 Quote from http://www.ethereal.com
25
26 "Ethereal is used by network professionals around the world for
27 troubleshooting, analysis, software and protocol development, and
28 education. It has all of the standard features you would expect in a
29 protocol analyzer, and several features not seen in any other product.
30 Its open source license allows talented experts in the networking
31 community to add enhancements. It runs on all popular computing
32 platforms, including Unix, Linux, and Windows."
33
34 Affected packages
35 =================
36
37 -------------------------------------------------------------------
38 Package / Vulnerable / Unaffected
39 -------------------------------------------------------------------
40 net-analyzer/ethereal <= 0.10.2 >= 0.10.3
41
42 Description
43 ===========
44
45 There are multiple vulnerabilities in versions of Ethereal earlier than
46 0.10.3, including:
47
48 * Thirteen buffer overflows in the following protocol dissectors:
49 NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.
50
51 * A zero-length Presentation protocol selector could make Ethereal
52 crash.
53
54 * A vulnerability in the RADIUS packet dissector which may crash
55 ethereal.
56
57 * A corrupt color filter file could cause a segmentation fault.
58
59 Impact
60 ======
61
62 These vulnerabilities may cause Ethereal to crash or may allow an
63 attacker to run arbitrary code on the user's computer.
64
65 Workaround
66 ==========
67
68 While a workaround is not currently known for this issue, all users are
69 advised to upgrade to the latest version of the affected package.
70
71 Resolution
72 ==========
73
74 All users should upgrade to the current version of the affected
75 package:
76
77 # emerge sync
78
79 # emerge -pv ">=net-analyzer/ethereal-0.10.3"
80 # emerge ">=net-analyzer/ethereal-0.10.3"
81
82 References
83 ==========
84
85 [ 1 ] http://www.ethereal.com/appnotes/enpa-sa-00013.html
86 [ 2 ] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176
87 [ 3 ] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365
88 [ 4 ] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367
89
90 Concerns?
91 =========
92
93 Security is a primary focus of Gentoo Linux and ensuring the
94 confidentiality and security of our users machines is of utmost
95 importance to us. Any security concerns should be addressed to
96 security@g.o or alternatively, you may file a bug at
97 http://bugs.gentoo.org.