383689 – (CVE-2011-3369) <net-analyzer/etherape-0.9.12 DoS (crash) by processing certain RPC traffic packets (CVE-2011-3369)

Bug 383689 (CVE-2011-3369) - <net-analyzer/etherape-0.9.12 DoS (crash) by processing certain RPC traffic packets (CVE-2011-3369)

Summary: <net-analyzer/etherape-0.9.12 DoS (crash) by processing certain RPC traffic p...

Status:	RESOLVED FIXED

Alias:	CVE-2011-3369

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	http://sourceforge.net/tracker/?func=...
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2011-09-19 19:56 UTC by Sean Amoss (RETIRED)
Modified:	2011-10-08 21:02 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sean Amoss (RETIRED) gentoo-dev

2011-09-19 19:56:45 UTC

A NULL pointer dereference flaw was found in the way EtherApe, a graphical
network monitor, decoded certain RPC packets. A remote attacker could provide a
specially-crafted packet capture file, which once opened by a local
unsuspecting user could lead to denial of service (etherape executable crash).


Reproducible: Always

Comment 1 Sean Amoss (RETIRED) gentoo-dev

2011-09-19 19:59:44 UTC

Arches, please test and mark stable:

=net-analyzer/etherape-0.9.12
target KEYWORDS : "amd64 ppc ppc64 sparc x86"

Comment 2 Agostino Sarubbo gentoo-dev

2011-09-19 22:28:42 UTC

Just point bug 383727 but is not a blocker.

amd64 ok

Comment 3 Elijah "Armageddon" El Lazkani (amd64 AT) 2011-09-20 01:26:03 UTC

amd64: pass

Comment 4 Andreas Schürch gentoo-dev

2011-09-20 15:53:54 UTC

x86 stable.

Comment 5 Tony Vroon (RETIRED) gentoo-dev

2011-09-20 16:11:39 UTC

+  20 Sep 2011; Tony Vroon <chainsaw@gentoo.org> etherape-0.9.12.ebuild:
+  Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo &
+  Elijah "Armageddon" El Lazkani in security bug #383689 filed by Sean Amoss.

Comment 6 Raúl Porcel (RETIRED) gentoo-dev

2011-09-24 16:19:09 UTC

sparc stable

Comment 7 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev

2011-09-27 19:32:12 UTC

ppc/ppc64 stable, last arch done

Comment 8 Tim Sammut (RETIRED) gentoo-dev

2011-09-27 19:34:05 UTC

Thanks, everyone. GLSA Vote: no.

Comment 9 GLSAMaker/CVETool Bot gentoo-dev

2011-10-07 22:50:10 UTC

CVE-2011-3369 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3369):
  The add_conversation function in conversations.c in EtherApe before 0.9.12
  allows remote attackers to cause a denial of service (NULL pointer
  dereference and application crash) via an RPC packet, related to the get_rpc
  function in decode_proto.c.

Comment 10 Stefan Behte (RETIRED) gentoo-dev

2011-10-08 21:02:57 UTC

Vote: NO. Closing noglsa.