Bug 90539 - net-analyzer/ethereal Many many vulnerabilities
Summary: net-analyzer/ethereal Many many vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.ethereal.com/appnotes/enpa...
Whiteboard: B0 [glsa] jaervosz
Keywords:
Duplicates: 90574 91597
Depends on: 91660
Blocks:
Reported: 2005-04-26 13:54 UTC by Adir Abraham
Modified: 2005-05-06 11:07 UTC
Description Adir Abraham 2005-04-26 13:54:59 UTC
From securityfocus.com:

Ethereal is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way Ethereal decodes Resource ReSerVation Protocol (RSVP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed RSVP packets resulting in the software hanging.

Ethereal versions up to and including 0.10.10 are reported prone to this issue.

Reproducible: Always
Steps to Reproduce:




The following exploit is available:
http://www.securityfocus.com/data/vulnerabilities/exploits/xtcpdump+ethr-rsvp-dos.c

No patches are currently (26/4/05, 23:55, GMT+2) available.
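
Added example, not part of the original report and not Ethereal's code: the report does not say which RSVP field triggers the loop, so this only shows the general safeguard for this bug class, a walk over length-prefixed RSVP objects (header layout per RFC 2205) that always advances or stops. The function name, status codes, object cap and sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RSVP object header (RFC 2205): 16-bit length in bytes (counts this
 * 4-byte header, multiple of 4), 8-bit Class-Num, 8-bit C-Type. */
#define RSVP_OBJ_HDR_LEN 4
#define RSVP_MAX_OBJECTS 256   /* assumed sanity cap, not taken from a spec */

enum { RSVP_BAD_LENGTH = -1, RSVP_TRUNCATED = -2, RSVP_TOO_MANY = -3 };

/* Walk the object list that follows the RSVP common header.
 * Returns the number of objects seen, or a negative status code. */
int rsvp_walk_objects(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        if (len - off < RSVP_OBJ_HDR_LEN)
            return RSVP_TRUNCATED;            /* not even a full header left */
        size_t obj_len = ((size_t)buf[off] << 8) | buf[off + 1];
        /* A length of 0 would leave 'off' unchanged and spin forever, so
         * every iteration must move forward by at least one header. */
        if (obj_len < RSVP_OBJ_HDR_LEN || (obj_len & 3) != 0)
            return RSVP_BAD_LENGTH;
        if (obj_len > len - off)
            return RSVP_TRUNCATED;            /* object claims more than captured */
        if (++count > RSVP_MAX_OBJECTS)
            return RSVP_TOO_MANY;
        off += obj_len;
    }
    return count;
}

/* Constructed sample inputs (hand-written bytes, not captured traffic). */
static const uint8_t sample_ok[] = {
    0x00, 0x08, 0x01, 0x01, 0xc0, 0x00, 0x02, 0x01,  /* 8-byte object */
    0x00, 0x04, 0x14, 0x01 };                        /* header-only object */
static const uint8_t sample_zero_len[] = {
    0x00, 0x08, 0x01, 0x01, 0xc0, 0x00, 0x02, 0x01,
    0x00, 0x00, 0x14, 0x01 };                        /* length field is 0 */
static const uint8_t sample_overrun[] = { 0x00, 0x10, 0x01, 0x01, 0, 0, 0, 0 };

int main(void)
{
    printf("ok:       %d\n", rsvp_walk_objects(sample_ok, sizeof sample_ok));
    printf("zero len: %d\n", rsvp_walk_objects(sample_zero_len, sizeof sample_zero_len));
    printf("overrun:  %d\n", rsvp_walk_objects(sample_overrun, sizeof sample_overrun));
    return 0;
}
```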
Comment 1 Robert Paskowitz (RETIRED) gentoo-dev 2005-05-02 13:59:21 UTC
"It is reported that the vendor has addressed this vulnerability in Ethereal version 0.10.10 SVN>14167."
Comment 2 Aaron Walker (RETIRED) gentoo-dev 2005-05-04 18:55:41 UTC
0.10.11 is out.  On my way out the door to work.  If no one bumps it by the time I get home in the morning, I'll take care of it.
Comment 3 Daniel Black (RETIRED) gentoo-dev 2005-05-04 22:58:51 UTC
Committed 0.10.11 masked. I'm having trouble running it under grsec. Wondering if knows how easy this is to fix?

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x52e91000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x52e90000
mprotect(0x2656b000, 4096, PROT_READ)   = 0
mprotect(0x25d8c000, 765952, PROT_READ) = 0
mprotect(0x2518f000, 4096, PROT_READ)   = 0
mprotect(0x1534a000, 1806336, PROT_READ|PROT_WRITE) = -1 EACCES (Permission denied)
writev(2, [{"ethereal", 8}, {": ", 2}, {"error while loading shared libra"..., 36}, {": ", 2}, {"", 0}, {"", 0}, {"cannot make segment writable for"..., 43}, {": ", 2}, {"Permission denied", 17}, {"\n", 1}], 10ethereal: error while loading shared libraries: cannot make segment writable for relocation: Permission denied
) = 111
exit_group(127)                         = ?
frog # ethereal
ethereal: error while loading shared libraries: cannot make segment writable for relocation: Permission denied
frog # uname -a
Linux frog.local 2.6.11-hardened-r1 #3 Mon May 2 20:58:24 EST 2005 i686 AMD Athlon(tm) XP 1900+ AuthenticAMD GNU/Linux
frog # emerge info
Portage 2.0.51.21 (default-linux/x86/2005.0, gcc-3.4.3-20050110, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r1 i686)
=================================================================
System uname: 2.6.11-hardened-r1 i686 AMD Athlon(tm) XP 1900+
Gentoo Base System version 1.4.16
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [disabled]
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.3
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r8
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.6.8.1-r2
Comment 4 Daniel Black (RETIRED) gentoo-dev 2005-05-05 01:24:02 UTC
sorry toolchain. Own fault - bad pic/hardened setup on my part. remerging now.

Had moreon in #hardened say 0.10.11 was working ok.
Comment 5 Daniel Black (RETIRED) gentoo-dev 2005-05-05 05:08:12 UTC
working ok - ready for arch test.
Comment 6 Jan Brinkmann (RETIRED) gentoo-dev 2005-05-05 06:06:19 UTC
stable on amd64
Comment 7 Omkhar Arasaratnam (RETIRED) gentoo-dev 2005-05-05 06:55:09 UTC
Marked PPC64 stable
Comment 8 Gustavo Zacarias (RETIRED) gentoo-dev 2005-05-05 08:36:23 UTC
sparc stable.
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-05 12:26:47 UTC
Many more vulnerabilities were fixed. See URL.
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-05 12:27:22 UTC
*** Bug 91597 has been marked as a duplicate of this bug. ***
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-05 12:27:47 UTC
*** Bug 90574 has been marked as a duplicate of this bug. ***
Comment 12 Daniel Black (RETIRED) gentoo-dev 2005-05-06 01:34:19 UTC
alpha and ia64 to go. Last one out can you please remove all previous versions. Thank you,
Comment 13 Bryan Østergaard (RETIRED) gentoo-dev 2005-05-06 09:26:30 UTC
Stable on alpha + ia64. Also cleaned out old ebuilds as requested.
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-06 11:07:03 UTC
Thx everyone.

GLSA 200505-03