Gentoo Bug 56423 - net-analyzer/ethereal-0.10.5 fixes security bugs in iSNS, SMB, and SNMP

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	56423
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Carsten Lohrke <carlo@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 56423 depends on:			Show dependency tree
Bug 56423 blocks:			Show dependency tree

Votes:	0 Show votes for this bug Vote for this bug

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2004-07-08 01:20 0000

Description:

Issues have been discovered in the following protocol dissectors:

    * The iSNS dissector could make Ethereal abort in some cases. (0.10.3 - 0.10.4)
    * SMB SID snooping could crash if there was no policy name for a handle. (0.9.15 - 0.10.4)
    * The SNMP dissector could crash due to a malformed or missing community string. (0.8.15 - 0.10.4)

Impact:

It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

http://www.ethereal.com/appnotes/enpa-sa-00015.html

------- Comment #1 From Thierry Carrez (RETIRED) 2004-07-08 02:11:24 0000 -------

netmon: please bump ethereal to 0.10.5.

Target keywords based on previous vulnerable ebuilds: "alpha amd64 ia64 ppc sparc x86"

------- Comment #2 From Eldad Zack (RETIRED) 2004-07-08 09:57:25 0000 -------

0.10.5, in portage now, I've marked x86 stable.

------- Comment #3 From Thierry Carrez (RETIRED) 2004-07-08 10:29:58 0000 -------

Arches: please mark stable

------- Comment #4 From Travis Tilley (RETIRED) 2004-07-08 11:27:00 0000 -------

stable on amd64

------- Comment #5 From Lars Weiler (RETIRED) 2004-07-08 13:37:20 0000 -------

Stable on ppc.

------- Comment #6 From Jason Wever (RETIRED) 2004-07-08 14:58:58 0000 -------

Stable on sparc.

------- Comment #7 From Thierry Carrez (RETIRED) 2004-07-09 01:12:15 0000 -------

Supported arches are stable, this is ready for a GLSA.

------- Comment #8 From Sune Kloppenborg Jeppesen 2004-07-09 04:17:33 0000 -------

GLSA drafted : security please review

------- Comment #9 From Kurt Lieber 2004-07-09 07:31:59 0000 -------

glsa 200407-08

------- Comment #10 From Bryan Østergaard (RETIRED) 2004-07-09 12:57:29 0000 -------

Stable on alpha as well.

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 56423

net-analyzer/ethereal-0.10.5 fixes security bugs in iSNS, SMB, and SNMP

Last modified: 2004-09-23 06:14:25 0000