22950 – net-analyzer/ethereal

Bug 22950 - net-analyzer/ethereal

Summary: net-analyzer/ethereal

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Highest critical (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:	22774
Blocks:
	Show dependency tree

Reported:	2003-06-16 13:39 UTC by Daniel Ahlberg (RETIRED)
Modified:	2003-06-25 15:39 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Ahlberg (RETIRED) gentoo-dev

2003-06-16 13:39:01 UTC

SUMMARY 
 
 
 
 
Name: Several security problems in Ethereal 0.9.12 
 
 Docid: enpa-sa-00010 
 
 
 Date: June 11, 2003 
 
 
 Severity: High 
 
 
  
 
 
 
 
 
 
DETAILS 
 
 
 
 
Description: 
 
 Further source code auditing by Timo Sirainen has turned up several string handling flaws in various 
protocol dissectors. Separate security problems were discovered by other people: 
 
 
  
 
The DCERPC dissector could try to allocate too much memory while trying to decode an NDR string.  
Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI dissector.  
The SPNEGO dissector could segfault while parsing an invalid ASN.1 value.  
The tvb_get_nstringz0() routine incorrectly handled a zero-length buffer size.  
The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI dissectors handled strings 
improperly.  
 
Impact: 
 
 
 It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed 
packet onto the wire, or by convincing someone to read a malformed packet trace file.  
 
 
Resolution: 
 
 
 Upgrade to 0.9.13.

Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev

2003-06-25 15:39:28 UTC

glsa sent