Ethereal Bugs in the iSNS, SMB, and SNMP Dissectors Let Remote Users Crash Ethereal or Possibly Execute Arbitrary Code
SecurityTracker Alert ID: 1010655
SecurityTracker URL: http://securitytracker.com/id?1010655
CVE Reference: CAN-2004-0633, CAN-2004-0634, CAN-2004-0635
Updated: Jul 8 2004
Original Entry Date: Jul 7 2004
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 0.8.15 up to and including 0.10.4
Description: Several vulnerabilities were reported in Ethereal in the iSNS, SMB, and SNMP dissectors. A remote user can cause the Ethereal process to crash and may be able to execute arbitrary code on the target system.
The vendor reported that a remote user can send a specially crafted packet to the target system, or via a network that is monitored by the target system, to trigger one of several flaws. A remote user can also create a specially crafted trace file that, when played by the target user, will have the same effect.
A remote user can cause the iSNS dissector to make Ethereal abort in some cases (affecting versions 0.10.3 - 0.10.4), the report said [CVE: CAN-2004-0633].
It is also reported that the Ethereal process performing SMB SID snooping may crash if there is no policy name for a handle (affecting versions 0.9.15 - 0.10.4) [CVE: CAN-2004-0634].
It is also reported that a remote user can send an SNMP packet with a specially crafted or missing community string to cause the process to crash (affecting versions 0.8.15 - 0.10.4) [CVE: CAN-2004-0635].
Impact: A remote user can cause the Ethereal process to crash.
A remote user may be able to execute arbitrary code on the target system with the privileges of the Ethereal process.
Solution: The vendor has released a fixed version (0.10.5), available at:
http://www.ethereal.com/download.html
Vendor URL: www.ethereal.com/appnotes/enpa-sa-00015.html
Cause: Not specified
Underlying OS: Linux (Any), UNIX (Any)
Message History:
This archive entry has one or more follow-up message(s) listed below.
Jul 13 2004
(Mandrake Issues Fix) Ethereal Bugs in the iSNS, SMB, and SNMP Dissectors Let Remote Users Crash Ethereal or Possibly Execute Arbitrary Code
(Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Jul 18 2004
(Debian Issues Fix) Ethereal Bugs in the iSNS, SMB, and SNMP Dissectors Let Remote Users Crash Ethereal or Possibly Execute Arbitrary Code
(Matt Zimmerman <mdz@debian.org>)
Debian has released a fix.
Aug 6 2004
(Red Hat Issues Fix for RHEL) Ethereal Bugs in the iSNS, SMB, and SNMP Dissectors Let Remote Users Crash Ethereal or Possibly Execute Arbitrary Code
(bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Oct 1 2004
(Fedora Issues Fix for RH Linux) Ethereal Bugs in the iSNS, SMB, and SNMP Dissectors Let Remote Users Crash Ethereal or Possibly Execute Arbitrary Code
(Marc Deslauriers <marcdeslauriers@videotron.ca>)
Fedora has issued a fix for Red Hat Linux 7.3 and 9.
Jan 14 2005
(Conectiva Issues Fix) Ethereal Bugs in the iSNS, SMB, and SNMP Dissectors Let Remote Users Crash Ethereal or Possibly Execute Arbitrary Code
(Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.
Source Message Contents
Date: Tue, 06 Jul 2004 23:16:48 -0400
Subject: http://www.ethereal.com/appnotes/enpa-sa-00015.html
http://www.ethereal.com/appnotes/enpa-sa-00015.html
Summary
Name: Multiple problems in Ethereal 0.10.4
Docid: enpa-sa-00015
Date: July 6, 2004
Versions affected: 0.8.15 up to and including 0.10.4
Severity: High
Details
Description:
Issues have been discovered in the following protocol dissectors:
* The iSNS dissector could make Ethereal abort in some cases. (0.10.3 - 0.10.4)
* SMB SID snooping could crash if there was no policy name for a handle. (0.9.15 - 0.10.4)
* The SNMP dissector could crash due to a malformed or missing community string. (0.8.15 - 0.10.4)
Impact:
It may be possible to make Ethereal crash or run arbitrary code by injecting a
purposefully malformed packet onto the wire or by convincing someone to read a malformed
packet trace file.
Resolution:
Upgrade to 0.10.5.
If you are running a version prior to 0.10.5 and you cannot upgrade, you can disable all
of the protocol dissectors listed above by selecting Analyze->Enabled Protocols... and
deselecting them from the list. For SMB, you can alternatively disable SID snooping in the
SMB protocol preferences. However, it is strongly recommended that you upgrade to 0.10.5.