| Summary: | net-analyzer/ethereal-0.10.5 fixes security bugs in iSNS, SMB, and SNMP | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Carsten Lohrke (RETIRED) <carlo> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | blocker | CC: | netmon |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | B0 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
netmon: please bump ethereal to 0.10.5. Target keywords based on previous vulnerable ebuilds: "alpha amd64 ia64 ppc sparc x86" 0.10.5, in portage now, I've marked x86 stable. Arches: please mark stable stable on amd64 Stable on ppc. Stable on sparc. Supported arches are stable, this is ready for a GLSA. GLSA drafted : security please review glsa 200407-08 Stable on alpha as well. |
Description: Issues have been discovered in the following protocol dissectors: * The iSNS dissector could make Ethereal abort in some cases. (0.10.3 - 0.10.4) * SMB SID snooping could crash if there was no policy name for a handle. (0.9.15 - 0.10.4) * The SNMP dissector could crash due to a malformed or missing community string. (0.8.15 - 0.10.4) Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. http://www.ethereal.com/appnotes/enpa-sa-00015.html