[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20021024133556.M18415@caldera.com>
From: security at caldera.com (security@...dera.com)
Subject: Security Update: [CSSA-2002-037.0] Linux: various packet handling vunerabilities in ethereal
To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: various packet handling vunerabilities in ethereal
Advisory number: CSSA-2002-037.0
Issue date: 2002 October 24
Cross reference:
______________________________________________________________________________
1. Problem Description
The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote
attackers to cause a denial of service (crash) via a certain
malformed packet, which causes Ethereal to allocate memory
incorrectly, possibly due to zero-length fields.
SMB dissector in Ethereal 0.9.3 and earlier allows remote
attackers to cause a denial of service (crash) or execute
arbitrary code via malformed packets that cause Ethereal to
dereference a NULL pointer.
Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier
allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code while Ethereal is parsing
keysyms.
DNS dissector in Ethereal before 0.9.3 allows remote attackers
to cause a denial of service (CPU consumption) via a malformed
packet that causes Ethereal to enter an infinite loop.
Vulnerability in GIOP dissector in Ethereal before 0.9.3
allows remote attackers to cause a denial of service (memory
consumption).
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to ethereal-0.9.4-1.i386.rpm
OpenLinux 3.1.1 Workstation prior to ethereal-0.9.4-1.i386.rpm
OpenLinux 3.1 Server prior to ethereal-0.9.4-1.i386.rpm
OpenLinux 3.1 Workstation prior to ethereal-0.9.4-1.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-037.0/RPMS
4.2 Packages
9a40c4a30048082eddf7944d80ff4dbe ethereal-0.9.4-1.i386.rpm
4.3 Installation
rpm -Fvh ethereal-0.9.4-1.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-037.0/SRPMS
4.5 Source Packages
8f22f36b6603d154a09b7b3145d2d987 ethereal-0.9.4-1.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-037.0/RPMS
5.2 Packages
9260d8dee3344ae25b29a149be6af9e1 ethereal-0.9.4-1.i386.rpm
5.3 Installation
rpm -Fvh ethereal-0.9.4-1.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-037.0/SRPMS
5.5 Source Packages
256b4438061bbae6aab557728e179ee4 ethereal-0.9.4-1.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-037.0/RPMS
6.2 Packages
cc2c9ee1a4f25c264519061a937e0cda ethereal-0.9.4-1.i386.rpm
6.3 Installation
rpm -Fvh ethereal-0.9.4-1.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-037.0/SRPMS
6.5 Source Packages
e04a540fdddb2b48032d3ada7a5f6ae6 ethereal-0.9.4-1.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-037.0/RPMS
7.2 Packages
2f13e3ae77bbfeabae68fe358ad120c6 ethereal-0.9.4-1.i386.rpm
7.3 Installation
rpm -Fvh ethereal-0.9.4-1.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-037.0/SRPMS
7.5 Source Packages
e18cd26d3cee11344e80432b9043b732 ethereal-0.9.4-1.src.rpm
8. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0404
http://www.ethereal.com/appnotes/enpa-sa-00004.html
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr863791, fz520851,
erg712037.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 237 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021024/ef684bf4/attachment.bin
Powered by blists - more mailing lists