SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Security)  >   Wireshark Vendors:   Wireshark.org
(Fedora Issues Fix for RH Linux) Ethereal Bugs in the iSNS, SMB, and SNMP Dissectors Let Remote Users Crash Ethereal or Possibly Execute Arbitrary Code
SecurityTracker Alert ID:  1011494
SecurityTracker URL:  http://securitytracker.com/id/1011494
CVE Reference:   CAN-2004-0633, CAN-2004-0634, CAN-2004-0635   (Links to External Site)
Date:  Oct 1 2004
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.8.15 up to and including 0.10.4
Description:   Several vulnerabilities were was reported in Ethereal in the iSNS, SMB, and SNMP dissectors. A remote user can cause the Ethereal process to crash and may be able to execute arbitrary code on the target system.

The vendor reported that a remote user can send a specially crafted packet to the target system or via a network that is monitored by the target system to trigger one of several flaws. A remote user can also create a specially crafted trace file that, when played by the target user, will have the same effect.

A remote user can cause the iSNS dissector to cause Ethereal to abort in some cases (affecting versions 0.10.3 - 0.10.4), the report said [CVE: CAN-2004-0633].

It is also reported that the Ethereal process performing SMB SID snooping may crash if there is no policy name for a handle (affecting versions 0.9.15 - 0.10.4) [CVE: CAN-2004-0634].

It is also reported that a remote user can send an SNMP packet with a specially crafted or missing community string to cause the process to crash (affecting versions 0.8.15 - 0.10.4) [CVE: CAN-2004-0635].

Impact:   A remote user can cause the Ethereal process to crash.

A remote user may be able to execute arbitrary code on the target system with the privileges of the Ethereal process.

Solution:   Fedora has issued a fix.

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ethereal-0.10.3-0.73.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10.3-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ethereal-0.10.3-0.90.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/ethereal-0.10.3-0.90.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm

The SHA1 verification checksums are:

9dea4bd2d8a8efce8722e7891a8b211ece731645
7.3/updates/i386/ethereal-0.10.3-0.73.3.legacy.i386.rpm
f3defe29af6aceec7df646a0a49d8654823796e1
7.3/updates/i386/ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm
33c5ea5e2cabcd186aace74b9679a07c950d0d89
7.3/updates/SRPMS/ethereal-0.10.3-0.73.3.legacy.src.rpm
5c8e340c29644e861ebe064158b04420ca447066
9/updates/i386/ethereal-0.10.3-0.90.4.legacy.i386.rpm
beb7b34e7a09b29c32976f7af123c7712f469bc6
9/updates/i386/ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm
a32b6b54c36c2fe6a29e47080cadbb6ae87c8d6a
9/updates/SRPMS/ethereal-0.10.3-0.90.4.legacy.src.rpm

Vendor URL:  www.ethereal.com/appnotes/enpa-sa-00015.html (Links to External Site)
Cause:   Not specified
Underlying OS:   Linux (Red Hat Linux)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 7 2004 Ethereal Bugs in the iSNS, SMB, and SNMP Dissectors Let Remote Users Crash Ethereal or Possibly Execute Arbitrary Code



 Source Message Contents

Date:  Thu, 30 Sep 2004 06:24:34 -0400
Subject:  [Full-Disclosure] [FLSA-2004:1840] Updated Ethereal packages fix security issues


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -
-----------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated Ethereal packages fix security issues
Advisory ID:       FLSA:1840
Issue date:        2004-09-30
Product:           Red Hat Linux
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1840
CVE Names:         CAN-2004-0176 CAN-2004-0365 CAN-2004-0367
                   CAN-2004-0504 CAN-2004-0505 CAN-2004-0506
                   CAN-2004-0507 CAN-2004-0633 CAN-2004-0634
                   CAN-2004-0635
- -
-----------------------------------------------------------------------


- -
-----------------------------------------------------------------------
1. Topic:

Updated Ethereal packages that fix various security vulnerabilities are
now
available.

Ethereal is a program for monitoring network traffic.

2. Relevent releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386

3. Problem description:

Issues fixed with this Ethereal release include:

Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain
stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP
dissectors.
On a system where Ethereal is being run a remote attacker could send
malicious packets that could cause Ethereal to crash or execute
arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has
assigned the name CAN-2004-0176 to this issue.

Jonathan Heussser discovered that a carefully-crafted RADIUS packet
could
cause a crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0365 to this issue.

Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of
service (crash) via a zero-length Presentation protocol selector. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned
the name CAN-2004-0367 to this issue.

The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained
a
buffer overflow flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash
or
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0507 to this issue.

In addition, other flaws in Ethereal prior to 0.10.4 were found that
could
cause it to crash in response to carefully crafted SIP (CAN-2004-0504),
AIM
(CAN-2004-0505), or SPNEGO (CAN-2004-0506) packets.

The SNMP dissector in Ethereal releases 0.8.15 through 0.10.4 contained
a
memory read flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash
or
possibly execute arbitrary code. The Common Vulnerabilities and
Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0635 to this
issue.

The SMB dissector in Ethereal releases 0.9.15 through 0.10.4 contained a
null pointer flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to
crash.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0634 to this issue.

The iSNS dissector in Ethereal releases 0.10.3 through 0.10.4 contained
an
integer overflow flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash
or
possibly execute arbitrary code. The Common Vulnerabilities and
Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0633 to this
issue.

Users of Ethereal should upgrade to these updated packages, which
contain
backported security patches that correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are
not installed but included in the list will not be updated.  Note that
you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate
RPMs being upgraded on your system.  This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www fedoralegacy.org/docs for directions on how to configure yum
and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #1419
http://bugzilla.fedora.us - bug #1840

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ethereal-0.10.3-0.73.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10.3-0.73.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ethereal-0.10.3-0.90.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/ethereal-0.10.3-0.90.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
- -
---------------------------------------------------------------------------

9dea4bd2d8a8efce8722e7891a8b211ece731645
7.3/updates/i386/ethereal-0.10.3-0.73.3.legacy.i386.rpm
f3defe29af6aceec7df646a0a49d8654823796e1
7.3/updates/i386/ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm
33c5ea5e2cabcd186aace74b9679a07c950d0d89
7.3/updates/SRPMS/ethereal-0.10.3-0.73.3.legacy.src.rpm
5c8e340c29644e861ebe064158b04420ca447066
9/updates/i386/ethereal-0.10.3-0.90.4.legacy.i386.rpm
beb7b34e7a09b29c32976f7af123c7712f469bc6
9/updates/i386/ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm
a32b6b54c36c2fe6a29e47080cadbb6ae87c8d6a
9/updates/SRPMS/ethereal-0.10.3-0.90.4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://www.ethereal.com/appnotes/enpa-sa-00013.html
http://www.ethereal.com/appnotes/enpa-sa-00014.html
http://www.ethereal.com/appnotes/enpa-sa-00015.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0635

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

- -
---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBW96ILMAs/0C4zNoRAt2IAJ92d61uwD3kP8uxzOMeL4LhhNoFWACcD5zx
XVIAJKRFtSw27sw4giVzPc0=
=SUxl
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC