Bug 116943 - net-analyzer/ethereal GTP Dissector Denial of Service Vulnerability
Summary: net-analyzer/ethereal GTP Dissector Denial of Service Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/18229/
Whiteboard: B3 [noglsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-12-27 20:00 UTC by ChazeFroy
Modified: 2006-03-24 04:12 UTC
Description ChazeFroy 2005-12-27 20:00:34 UTC
Ethereal 0.10.14 has been released and it fixes three security vulnerabilities:

- The IRC dissector could go into an infinite loop. Versions affected: 0.10.13.
- The GTP dissector could go into an infinite loop. Versions affected: 0.9.1 to 0.10.13.
- iDefense found a buffer overflow in the OSPF dissector. Versions affected: 0.8.20 to 0.10.13.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-28 04:35:45 UTC
The buffer overflow was already fixed on bug #115030. The two infinite loop issues remain.

netmon please advise and bump as necessary.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-12-28 07:51:15 UTC
.
Comment 3 Daniel Black (RETIRED) gentoo-dev 2005-12-28 14:52:46 UTC
ethereal-0.10.14 added

verified that OSPF code is fixed

IRC code is the same as 0.10.13-r2 so this is only a GTP dissector DoS.

I tend to vote no to a GLSA based on this.
Comment 4 Mark Loeser (RETIRED) gentoo-dev 2005-12-28 18:21:05 UTC
x86 stable
Comment 5 Markus Rothe (RETIRED) gentoo-dev 2005-12-29 00:52:18 UTC
stable on ppc64
Comment 6 Simon Stelling (RETIRED) gentoo-dev 2005-12-29 06:47:04 UTC
amd64 stable
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2005-12-29 07:54:33 UTC
sparc stable.
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2005-12-29 12:23:40 UTC
ppc stable
Comment 9 Fernando J. Pereda (RETIRED) gentoo-dev 2005-12-30 08:43:12 UTC
Stable on alpha

Cheers,
Ferdy
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-12-31 05:14:53 UTC
I tend to vote no.
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-31 06:25:21 UTC
I tend to vote NO too.
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-02 13:11:00 UTC
I'd say no, too.
Comment 13 Vic Fryzel (shellsage) (RETIRED) gentoo-dev 2006-01-02 13:16:48 UTC
I vote no.
Comment 14 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-02 13:22:41 UTC
OK, enough no-votes to close without GLSA. ia64 shouldn't forget to stable.