Bug 130505 - net-analyzer/ethereal Multiple issues
Summary: net-analyzer/ethereal Multiple issues
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.ethereal.com/appnotes/enpa...
Whiteboard: B1 [glsa] jaervosz
Keywords:
Duplicates: 131197
Depends on:
Blocks:
 
Reported: 2006-04-19 11:40 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2006-10-15 04:28 UTC (History)
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-19 11:40:47 UTC
Version 0.99.0 of Ethereal is expected to be released in the next
few days.  It fixes another slew of security issues.  The 0.99.x set of
releases is intended to be a set of milestones that progress to v1.0.
For the purposes of distribution it should be considered stable.

The following issues were found using our internal testing processes:

  The H.248 dissector could crash.
  Fixed in r16967, r17015
  Bug IDs: 651
  Versions affected: 0.10.14.

  The UMA dissector could go into an infinite loop.
  Fixed in r17119, r17273
  Bug IDs: 716
  Versions affected: 0.10.12 - 0.10.14.

  The X.509if dissector could crash.
  Fixed in r16995, r17337
  Bug IDs: None
  Versions affected: 0.10.14.

  The SRVLOC dissector could crash.
  Fixed in r17001
  Bug IDs: None
  Versions affected: 0.10.0 - 0.10.14.

  The H.245 dissector could crash.
  Fixed in r17022
  Bug IDs: 667
  Versions affected: 0.10.13 - 0.10.14.

  Ethereal's OID printing routine was susceptible to an off-by-one
  error.
  Fixed in r17048
  Bug IDs: 698
  Versions affected: 0.10.14.

  The COPS dissector could overflow a buffer.
  Fixed in r17051
  Bug IDs: None
  Versions affected: 0.9.15 - 0.10.14.

  The ALCAP dissector could overflow a buffer.
  Fixed in r17495
  Bug IDs: 794
  Versions affected: 0.10.14.


The following issues were found by Coverity under a grant funded by the
U.S. Department of Homeland Security:

  The statistics counter could crash Ethereal.
  Fixed in r17497
  Bug IDs: None
  Coverity CID 32
  Versions affected: 0.10.10 - 0.10.14.

  Ethereal could crash while reading a malformed Sniffer capture.
  Fixed in r17556
  Bug IDs: None
  Coverity CID 33
  Versions affected: 0.8.12 - 0.10.14.

  An invalid display filter could crash Ethereal.
  Fixed in r17555
  Bug IDs: None
  Coverity CID 34
  Versions affected: 0.9.16 - 0.10.14.

  The general packet dissector could crash Ethereal.
  Fixed in r17494
  Bug IDs: None
  Coverity CID 35
  Versions affected: 0.10.9 - 0.10.14.

  The AIM dissector could crash Ethereal.
  Fixed in r17512
  Bug IDs: None
  Coverity CID 39
  Versions affected: 0.10.7 - 0.10.14.

  The RPC dissector could crash Ethereal.
  Fixed in r17546
  Bug IDs: None
  Coverity CID 40
  Versions affected: 0.9.8 - 0.10.14.

  The DCERPC dissector could crash Ethereal.
  Fixed in r17657
  Bug IDs: None
  Coverity CID 41
  Versions affected: 0.9.16 - 0.10.14.

  The ASN.1 dissector could crash Ethereal.
  Fixed in r17548, r17710, r17736, r17770
  Bug IDs: None
  Coverity CID 42, 43, 146
  Versions affected: 0.9.8 - 0.10.14.

  The SMB PIPE dissector could crash Ethereal.
  Fixed in r17509, r17523, r17621, r17708
  Bug IDs: None
  Coverity CID 44, 46, 47, 48
  Versions affected: 0.8.20 - 0.10.14.

  The BER dissector could loop excessively.
  Fixed in r17498, r17625
  Bug IDs: None
  Coverity CID 67, 68, 136
  Versions affected: 0.10.4 - 0.10.14.

  The SNDCP dissector could abort.
  Fixed in r17518
  Bug IDs: None
  Coverity CID 73
  Versions affected: 0.10.4 - 0.10.14.

  The Network Instruments file code could overrun a buffer.
  Fixed in r17520
  Bug IDs: None
  Coverity CID 82
  Versions affected: 0.10.0 - 0.10.14.

  The NetXray/Windows Sniffer file code could overrun a buffer.
  Fixed in r17580
  Bug IDs: None
  Coverity CID 83
  Versions affected: 0.10.13 - 0.10.14.

  The GSM SMS dissector could crash Ethereal.
  Fixed in r17506
  Bug IDs: None
  Coverity CID 104
  Versions affected: 0.9.16 - 0.10.14.

  The ALCAP dissector could overrun a buffer.
  Fixed in r17724
  Bug IDs: None
  Coverity CID 105
  Versions affected: 0.10.14.

  The telnet dissector could overrun a buffer.
  Fixed in r17487
  Bug IDs: None
  Coverity CID 106
  Versions affected: 0.8.5 - 0.10.14.

  ASN.1-based dissectors could crash Ethereal.
  Fixed in r17489
  Bug IDs: None
  Coverity CID 109
  Versions affected: 0.9.10 - 0.10.14.

  The H.248 dissector could crash Ethereal.
  Fixed in r17571
  Bug IDs: None
  Coverity CID 113, 114
  Versions affected: 0.10.11 - 0.10.14.

  The DCERPC NT dissector could crash Ethereal.
  Fixed in r17511
  Bug IDs: None
  Coverity CID 128
  Versions affected: 0.9.14 - 0.10.14.

  The PER dissector could crash Ethereal.
  Fixed in r17511
  Bug IDs: None
  Coverity CID 135
  Versions affected: 0.9.14 - 0.10.14.


Notes

  "Could crash" in the descriptions above is a euphemism for "could
  dereference a null pointer".

  The Coverity audit turned up several UI-related bugs that could make
  Ethereal crash (mostly null pointer exceptions).
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-19 11:43:20 UTC
Marcelo please be ready to bump.
Comment 2 Daniel Black (RETIRED) gentoo-dev 2006-04-25 03:29:13 UTC
*** Bug 131197 has been marked as a duplicate of this bug. ***
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-25 04:17:03 UTC
Opening since this is public now.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-25 04:36:47 UTC
Correct URL.
Comment 5 Daniel Black (RETIRED) gentoo-dev 2006-04-25 06:09:18 UTC
ethereal fun. enjoy boys and girls.
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-04-25 13:34:48 UTC
ppc stable
Comment 7 Daniel Black (RETIRED) gentoo-dev 2006-04-25 17:48:11 UTC
I'm not going to mark it as a blocker. Just FYI, the experimental feature --as-needed has a bug with ethereal-0.99.0 (bug 131252).
Comment 8 Jason Wever (RETIRED) gentoo-dev 2006-04-25 19:16:55 UTC
Stable on SPAWK
Comment 9 Sander Knopper 2006-04-26 09:22:39 UTC
on x86:

[ebuild  N    ] net-analyzer/ethereal-0.99.0  -adns +gtk -ipv6 -kerberos -snmp +ssl -threads

Compiles fine and seems to work well too. I've tested some basic functionality since I'm working for school on a SIP assignment. So I had a good chance to test it.


emerge info
_____________________________________________

Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r3, 2.6.16.9 i686)
=================================================================
System uname: 2.6.16.9 i686 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.6.14
dev-lang/python:     2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/share/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d"
CXXFLAGS="-march=k8 -O2 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo/"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.nl.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowext X aac acpi alsa apache2 avi bitmap-fonts bzip2 cairo cdb cdparanoia cli crypt ctype cups dri dvd dvdread eds encode esd exif expat fam ffmpeg firefox foomaticdb ftp gd gdbm gif gstreamer gtk gtk2 iconv icu idn isdnlog jpeg jpeg2k kde kdeenablefinal libwww lm_sensors mad mmx mmxext mozsvg mp3 mpeg mplayer msn mysql ncurses network nls nomotif nptl nptlonly nsplugin ogg opengl pcre pdflib php png posix ppds pppd qt quicktime rdesktop readline reflection rtc session sharedmem sockets spl sse sse2 ssl svg tcpd tetex tiff truetype truetype-fonts type1-fonts udev unicode userlocales vorbis win32codecs xml xml2 xorg xpm xv zlib video_cards_radeon input_devices_keyboard input_devices_mouse userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, INSTALL_MASK, LDFLAGS, LINGUAS, MAKEOPTS, PORTDIR_OVERLAY
Comment 10 Thomas Cort (RETIRED) gentoo-dev 2006-04-26 09:36:46 UTC
alpha stable.
Comment 11 Chris Gianelloni (RETIRED) gentoo-dev 2006-04-26 09:55:12 UTC
Stable on x86
Comment 12 Markus Rothe (RETIRED) gentoo-dev 2006-04-26 11:29:52 UTC
stable on ppc64
Comment 13 Jon Hood (RETIRED) gentoo-dev 2006-04-26 12:07:00 UTC
amd64 stable
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-26 22:34:18 UTC
GLSA 200604-17

ia64 don't forget to mark stable to benefit from the GLSA.
Comment 15 Daniel Black (RETIRED) gentoo-dev 2006-05-29 14:25:53 UTC
ia64 ping. Feel free to remove 0.10* after keywording 0.99.0