SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Wireshark Vendors:   Wireshark.org
(Conectiva Issues Fix) Re: Ethereal SNMP Processing Bug Lets Remote Users Crash the Network Sniffer
SecurityTracker Alert ID:  1004154
SecurityTracker URL:  http://securitytracker.com/id/1004154
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 25 2002
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A denial of service vulnerability has been reported in the Ethereal network sniffing software. A remote user can cause the application to crash.

SecurityFocus has reported a denial of service vulnerability and a potential buffer overflow vulnerability in the Ethereal packet sniffer.

According to the report, a remote user can created a specific malformed SNMP packet that will cause Ethereal to crash when it reads the packet. The report also indicates that this behavior may be due to a buffer overflow that may potentially be exploitable (however, that has not been confirmed).

This vulnerability can reporteldy be triggered using the Protos SNMP test "set-req-ber-l-length" in the category of "Invalid BER length (L) fields."

This information is based on a Feb 19 2002 message from Information Security <informationsecurity@federatedinv.com>.

Impact:   A remote user can cause the Ethereal sniffer to crash. A remote user may be able to execute arbitrary code on the sniffer (however, that has not been confirmed).
Solution:   Conectiva has issued the following fixed packages:

ftp://atualizacoes.conectiva.com.br/5.0/i386/ethereal-0.9.3-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/ethereal-0.9.3-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/ethereal-0.9.3-1U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/ethereal-0.9.3-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ethereal-0.9.3-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/ethereal-0.9.3-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ethereal-0.9.3-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/ethereal-0.9.3-1U70_1cl.src.rpm

Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):

rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

Vendor URL:  www.ethereal.com (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Conectiva)
Underlying OS Comments:  5.0, 5.1, 6.0, 7.0

Message History:   This archive entry is a follow-up to the message listed below.
Feb 25 2002 Ethereal SNMP Processing Bug Lets Remote Users Crash the Network Sniffer



 Source Message Contents

Subject:  [CLA-2002:474] Conectiva Linux Security Announcement - ethereal


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : ethereal
SUMMARY   : Packet handling vulnerabilities
DATE      : 2002-04-25 14:21:00
ID        : CLA-2002:474
RELEVANT
RELEASES  : 5.0, 5.1, 6.0, 7.0

- -------------------------------------------------------------------------

DESCRIPTION
 Ethereal is a powerful network traffic analyzer with an intuitive
 interface.
 
 This update addresses two vulnerabilities stated in ethereal's home
 page:
 
 1.SNMP and LDAP string handling[1]
 The PROTOS[2] test suite developed by the Oulu University Secure
 Programming Group found some flaws in SNMP and LDAP protocols support
 in ethereal. It may be possible to crash or execute arbitrary code in
 the ethereal's context (ethereal is usually run by root) by injecting
 crafted packets in the network or convincing someone to open a trace
 file with such packets.
 
 2.ASN.1 zero-length g_malloc[3]
 Due to improper string parsing in ASN.1 routines, it is possible to
 crash ethereal by inserting malformed packets in the wire or by
 opening a trace file with such packets inside. SNMP, LDAP, COPS and
 Kerberos parsers use the ASN routines to handle traffic.
 
 There's also a third vulnerability reported in ethereal's home page
 related to zlib's double free bug, which have been addressed already
 by our zlib's advisory[4] some time ago.


SOLUTION
 All ethereal users should do the upgrade.
 
 
 REFERENCES:
 1.http://www.ethereal.com/appnotes/enpa-sa-00001.html
 2.http://www.ee.oulu.fi/research/ouspg/protos
 3.http://www.ethereal.com/appnotes/enpa-sa-00003.html
 4.http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469&idioma=en


DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.0/i386/ethereal-0.9.3-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/ethereal-0.9.3-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/ethereal-0.9.3-1U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/ethereal-0.9.3-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ethereal-0.9.3-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/ethereal-0.9.3-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ethereal-0.9.3-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/ethereal-0.9.3-1U70_1cl.src.rpm


ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8yDsw42jd0JmAcZARAnwDAKCBbQlAE7hmcHK+U4xhbiIG/Uh1LgCgmUyg
KaQ5vPmuwkMKPnGIJdPlwKM=
=WLTd
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC