Bug#: 130505
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Description:   Opened: 2006-04-19 11:40 0000
Version 0.99.0 of Ethereal is expected to be released in the next
few days.  It fixes another slew of security issues.  The 0.99.x set of
releases is intended to be a set of milestones that progress to v1.0.
For the purposes of distribution it should be considered stable.

The following issues were found using our internal testing processes:

  The H.248 dissector could crash.
  Fixed in r16967, r17015
  Bug IDs: 651
  Versions affected: 0.10.14.

  The UMA dissector could go into an infinite loop.
  Fixed in r17119, r17273
  Bug IDs: 716
  Versions affected: 0.10.12 - 0.10.14.

  The X.509if dissector could crash.
  Fixed in r16995, r17337
  Bug IDs: None
  Versions affected: 0.10.14.

  The SRVLOC dissector could crash.
  Fixed in r17001
  Bug IDs: None
  Versions affected: 0.10.0 - 0.10.14.

  The H.245 dissector could crash.
  Fixed in r17022
  Bug IDs: 667
  Versions affected: 0.10.13 - 0.10.14.

  Ethereal's OID printing routine was susceptible to an off-by-one
  error.
  Fixed in r17048
  Bug IDs: 698
  Versions affected: 0.10.14.

  The COPS dissector could overflow a buffer.
  Fixed in r17051
  Bug IDs: None
  Versions affected: 0.9.15 - 0.10.14.

  The ALCAP dissector could overflow a buffer.
  Fixed in r17495
  Bug IDs: 794
  Versions affected: 0.10.14.


The following issues were found by Coverity under a grant funded by the
U.S. Department of Homeland Security:

  The statistics counter could crash Ethereal.
  Fixed in r17497
  Bug IDs: None
  Coverity CID 32
  Versions affected: 0.10.10 - 0.10.14.

  Ethereal could crash while reading a malformed Sniffer capture.
  Fixed in r17556
  Bug IDs: None
  Coverity CID 33
  Versions affected: 0.8.12 - 0.10.14.

  An invalid display filter could crash Ethereal.
  Fixed in r17555
  Bug IDs: None
  Coverity CID 34
  Versions affected: 0.9.16 - 0.10.14.

  The general packet dissector could crash Ethereal.
  Fixed in r17494
  Bug IDs: None
  Coverity CID 35
  Versions affected: 0.10.9 - 0.10.14.

  The AIM dissector could crash Ethereal.
  Fixed in r17512
  Bug IDs: None
  Coverity CID 39
  Versions affected: 0.10.7 - 0.10.14.

  The RPC dissector could crash Ethereal.
  Fixed in r17546
  Bug IDs: None
  Coverity CID 40
  Versions affected: 0.9.8 - 0.10.14.

  The DCERPC dissector could crash Ethereal.
  Fixed in r17657
  Bug IDs: None
  Coverity CID 41
  Versions affected: 0.9.16 - 0.10.14.

  The ASN.1 dissector could crash Ethereal.
  Fixed in r17548, r17710, r17736, r17770
  Bug IDs: None
  Coverity CID 42, 43, 146
  Versions affected: 0.9.8 - 0.10.14.

  The SMB PIPE dissector could crash Ethereal.
  Fixed in r17509, r17523, r17621, r17708
  Bug IDs: None
  Coverity CID 44, 46, 47, 48
  Versions affected: 0.8.20 - 0.10.14.

  The BER dissector could loop excessively.
  Fixed in r17498, r17625
  Bug IDs: None
  Coverity CID 67, 68, 136
  Versions affected: 0.10.4 - 0.10.14.

  The SNDCP dissector could abort.
  Fixed in r17518
  Bug IDs: None
  Coverity CID 73
  Versions affected: 0.10.4 - 0.10.14.

  The Network Instruments file code could overrun a buffer.
  Fixed in r17520
  Bug IDs: None
  Coverity CID 82
  Versions affected: 0.10.0 - 0.10.14.

  The NetXray/Windows Sniffer file code could overrun a buffer.
  Fixed in r17580
  Bug IDs: None
  Coverity CID 83
  Versions affected: 0.10.13 - 0.10.14.

  The GSM SMS dissector could crash Ethereal.
  Fixed in r17506
  Bug IDs: None
  Coverity CID 104
  Versions affected: 0.9.16 - 0.10.14.

  The ALCAP dissector could overrun a buffer.
  Fixed in r17724
  Bug IDs: None
  Coverity CID 105
  Versions affected: 0.10.14.

  The telnet dissector could overrun a buffer.
  Fixed in r17487
  Bug IDs: None
  Coverity CID 106
  Versions affected: 0.8.5 - 0.10.14.

  ASN.1-based dissectors could crash Ethereal.
  Fixed in r17489
  Bug IDs: None
  Coverity CID 109
  Versions affected: 0.9.10 - 0.10.14.

  The H.248 dissector could crash Ethereal.
  Fixed in r17571
  Bug IDs: None
  Coverity CID 113, 114
  Versions affected: 0.10.11 - 0.10.14.

  The DCERPC NT dissector could crash Ethereal.
  Fixed in r17511
  Bug IDs: None
  Coverity CID 128
  Versions affected: 0.9.14 - 0.10.14.

  The PER dissector could crash Ethereal.
  Fixed in r17511
  Bug IDs: None
  Coverity CID 135
  Versions affected: 0.9.14 - 0.10.14.


Notes

  "Could crash" in the descriptions above is a euphemism for "could
  dereference a null pointer".

  The Coverity audit turned up several UI-related bugs that could make
  Ethereal crash (mostly null pointer exceptions).

------- Comment #1 From Sune Kloppenborg Jeppesen 2006-04-19 11:43:20 0000 -------
Marcelo please be ready to bump.

------- Comment #2 From Daniel Black 2006-04-25 03:29:13 0000 -------
*** Bug 131197 has been marked as a duplicate of this bug. ***

------- Comment #3 From Sune Kloppenborg Jeppesen 2006-04-25 04:17:03 0000 -------
Opening since this is public now.

------- Comment #4 From Sune Kloppenborg Jeppesen 2006-04-25 04:36:47 0000 -------
Correct URL.

------- Comment #5 From Daniel Black 2006-04-25 06:09:18 0000 -------
ethereal fun. enjoy boys and girls.

------- Comment #6 From Tobias Scherbaum 2006-04-25 13:34:48 0000 -------
ppc stable

------- Comment #7 From Daniel Black 2006-04-25 17:48:11 0000 -------
I'm not going to mark it as a blocker. Just FYI, the experimental feature
--as-needed has a bug with ethereal-0.99.0 (bug 131252)

------- Comment #8 From Jason Wever (RETIRED) 2006-04-25 19:16:55 0000 -------
Stable on SPAWK

------- Comment #9 From Sander Knopper 2006-04-26 09:22:39 0000 -------
on x86:

[ebuild  N    ] net-analyzer/ethereal-0.99.0  -adns +gtk -ipv6 -kerberos -snmp
+ssl -threads

Compiles fine and seems to work well too. I've tested some basic functionality
since I'm working for school on a SIP assignment. So I had a good chance to
test it.


emerge info
_____________________________________________

Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r3, 2.6.16.9
i686)
=================================================================
System uname: 2.6.16.9 i686 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.6.14
dev-lang/python:     2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config
/usr/share/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo
/etc/texmf/web2c /etc/env.d"
CXXFLAGS="-march=k8 -O2 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo/"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.nl.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowext X aac acpi alsa apache2 avi bitmap-fonts bzip2 cairo
cdb cdparanoia cli crypt ctype cups dri dvd dvdread eds encode esd exif expat
fam ffmpeg firefox foomaticdb ftp gd gdbm gif gstreamer gtk gtk2 iconv icu idn
isdnlog jpeg jpeg2k kde kdeenablefinal libwww lm_sensors mad mmx mmxext mozsvg
mp3 mpeg mplayer msn mysql ncurses network nls nomotif nptl nptlonly nsplugin
ogg opengl pcre pdflib php png posix ppds pppd qt quicktime rdesktop readline
reflection rtc session sharedmem sockets spl sse sse2 ssl svg tcpd tetex tiff
truetype truetype-fonts type1-fonts udev unicode userlocales vorbis win32codecs
xml xml2 xorg xpm xv zlib video_cards_radeon input_devices_keyboard
input_devices_mouse userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, INSTALL_MASK, LDFLAGS, LINGUAS, MAKEOPTS,
PORTDIR_OVERLAY

------- Comment #10 From Thomas Cort (RETIRED) 2006-04-26 09:36:46 0000 -------
alpha stable.

------- Comment #11 From Chris Gianelloni (RETIRED) 2006-04-26 09:55:12 0000 -------
Stable on x86

------- Comment #12 From Markus Rothe 2006-04-26 11:29:52 0000 -------
stable on ppc64

------- Comment #13 From Jon Hood (RETIRED) 2006-04-26 12:07:00 0000 -------
amd64 stable

------- Comment #14 From Sune Kloppenborg Jeppesen 2006-04-26 22:34:18 0000 -------
GLSA 200604-17

ia64 don't forget to mark stable to benefit from the GLSA.

------- Comment #15 From Daniel Black 2006-05-29 14:25:53 0000 -------
ia64 ping. Feel free to remove 0.10* after keywording 0.99.0
