SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Wireshark Vendors:   Wireshark.org
(Fedora Issues Fix for RH Linux) Ethereal RADIUS Attribute Parsing Null Pointer Dereference Lets Remote Users Deny Service
SecurityTracker Alert ID:  1011492
SecurityTracker URL:  http://securitytracker.com/id/1011492
CVE Reference:   CAN-2004-0365   (Links to External Site)
Date:  Oct 1 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.8.13 - 0.10.2
Description:   A vulnerability was reported in Ethereal in the processing of RADIUS packet attributes. A remote user can cause the Ethereal process to crash.

Jonathan Heusser reported that a remote user can send a specially crafted packet to trigger a null pointer dereference, causing the application to crash. The flaw reportedly resides in the dissect_attribute_value_pairs() function in the 'packet-radius.c' file.

The report indicates that it may be possible to execute arbitrary code.

Impact:   A remote user can cause the application to crash.
Solution:   Fedora has issued a fix.

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ethereal-0.10.3-0.73.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10.3-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ethereal-0.10.3-0.90.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/ethereal-0.10.3-0.90.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm

The SHA1 verification checksums are:

9dea4bd2d8a8efce8722e7891a8b211ece731645
7.3/updates/i386/ethereal-0.10.3-0.73.3.legacy.i386.rpm
f3defe29af6aceec7df646a0a49d8654823796e1
7.3/updates/i386/ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm
33c5ea5e2cabcd186aace74b9679a07c950d0d89
7.3/updates/SRPMS/ethereal-0.10.3-0.73.3.legacy.src.rpm
5c8e340c29644e861ebe064158b04420ca447066
9/updates/i386/ethereal-0.10.3-0.90.4.legacy.i386.rpm
beb7b34e7a09b29c32976f7af123c7712f469bc6
9/updates/i386/ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm
a32b6b54c36c2fe6a29e47080cadbb6ae87c8d6a
9/updates/SRPMS/ethereal-0.10.3-0.90.4.legacy.src.rpm

Vendor URL:  www.ethereal.com/appnotes/enpa-sa-00013.html (Links to External Site)
Cause:   Boundary error, State error
Underlying OS:   Linux (Red Hat Linux)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 26 2004 Ethereal RADIUS Attribute Parsing Null Pointer Dereference Lets Remote Users Deny Service



 Source Message Contents

Date:  Thu, 30 Sep 2004 06:24:34 -0400
Subject:  [Full-Disclosure] [FLSA-2004:1840] Updated Ethereal packages fix security issues


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -
-----------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated Ethereal packages fix security issues
Advisory ID:       FLSA:1840
Issue date:        2004-09-30
Product:           Red Hat Linux
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1840
CVE Names:         CAN-2004-0176 CAN-2004-0365 CAN-2004-0367
                   CAN-2004-0504 CAN-2004-0505 CAN-2004-0506
                   CAN-2004-0507 CAN-2004-0633 CAN-2004-0634
                   CAN-2004-0635
- -
-----------------------------------------------------------------------


- -
-----------------------------------------------------------------------
1. Topic:

Updated Ethereal packages that fix various security vulnerabilities are
now
available.

Ethereal is a program for monitoring network traffic.

2. Relevent releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386

3. Problem description:

Issues fixed with this Ethereal release include:

Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain
stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP
dissectors.
On a system where Ethereal is being run a remote attacker could send
malicious packets that could cause Ethereal to crash or execute
arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has
assigned the name CAN-2004-0176 to this issue.

Jonathan Heussser discovered that a carefully-crafted RADIUS packet
could
cause a crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0365 to this issue.

Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of
service (crash) via a zero-length Presentation protocol selector. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned
the name CAN-2004-0367 to this issue.

The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained
a
buffer overflow flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash
or
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0507 to this issue.

In addition, other flaws in Ethereal prior to 0.10.4 were found that
could
cause it to crash in response to carefully crafted SIP (CAN-2004-0504),
AIM
(CAN-2004-0505), or SPNEGO (CAN-2004-0506) packets.

The SNMP dissector in Ethereal releases 0.8.15 through 0.10.4 contained
a
memory read flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash
or
possibly execute arbitrary code. The Common Vulnerabilities and
Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0635 to this
issue.

The SMB dissector in Ethereal releases 0.9.15 through 0.10.4 contained a
null pointer flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to
crash.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0634 to this issue.

The iSNS dissector in Ethereal releases 0.10.3 through 0.10.4 contained
an
integer overflow flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash
or
possibly execute arbitrary code. The Common Vulnerabilities and
Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0633 to this
issue.

Users of Ethereal should upgrade to these updated packages, which
contain
backported security patches that correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are
not installed but included in the list will not be updated.  Note that
you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate
RPMs being upgraded on your system.  This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www fedoralegacy.org/docs for directions on how to configure yum
and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #1419
http://bugzilla.fedora.us - bug #1840

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ethereal-0.10.3-0.73.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10.3-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ethereal-0.10.3-0.90.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/ethereal-0.10.3-0.90.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
- -
---------------------------------------------------------------------------

9dea4bd2d8a8efce8722e7891a8b211ece731645
7.3/updates/i386/ethereal-0.10.3-0.73.3.legacy.i386.rpm
f3defe29af6aceec7df646a0a49d8654823796e1
7.3/updates/i386/ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm
33c5ea5e2cabcd186aace74b9679a07c950d0d89
7.3/updates/SRPMS/ethereal-0.10.3-0.73.3.legacy.src.rpm
5c8e340c29644e861ebe064158b04420ca447066
9/updates/i386/ethereal-0.10.3-0.90.4.legacy.i386.rpm
beb7b34e7a09b29c32976f7af123c7712f469bc6
9/updates/i386/ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm
a32b6b54c36c2fe6a29e47080cadbb6ae87c8d6a
9/updates/SRPMS/ethereal-0.10.3-0.90.4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://www.ethereal.com/appnotes/enpa-sa-00013.html
http://www.ethereal.com/appnotes/enpa-sa-00014.html
http://www.ethereal.com/appnotes/enpa-sa-00015.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0635

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

- -
---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBW96ILMAs/0C4zNoRAt2IAJ92d61uwD3kP8uxzOMeL4LhhNoFWACcD5zx
XVIAJKRFtSw27sw4giVzPc0=
=SUxl
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC