
Bug 90539

Summary: net-analyzer/ethereal Many many vulnerabilities
Product: Gentoo Security
Reporter: Adir Abraham <adirab>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: formula7, jaervosz, netmon
Priority: High
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.ethereal.com/appnotes/enpa-sa-00019.html
Whiteboard: B0 [glsa] jaervosz
Package list:
Runtime testing required: ---
Bug Depends on: 91660    
Bug Blocks:    

Description Adir Abraham 2005-04-26 13:54:59 UTC
From securityfocus.com:

Ethereal is prone to a vulnerability that may allow a remote attacker to cause a denial of service condition in the software. The issue occurs due to the way Ethereal decodes Resource ReSerVation Protocol (RSVP) packets. A remote attacker may cause the software to enter an infinite loop by sending malformed RSVP packets resulting in the software hanging.

Ethereal versions up to and including 0.10.10 are reported prone to this issue.

Reproducible: Always
Steps to Reproduce:




The following exploit is available:
http://www.securityfocus.com/data/vulnerabilities/exploits/xtcpdump+ethr-rsvp-dos.c

No patches are currently (26/4/05, 23:55, GMT+2) available.
Comment 1 Robert Paskowitz (RETIRED) gentoo-dev 2005-05-02 13:59:21 UTC
"It is reported that the vendor has addressed this vulnerability in Ethereal version 0.10.10 SVN>14167."
Comment 2 Aaron Walker (RETIRED) gentoo-dev 2005-05-04 18:55:41 UTC
0.10.11 is out.  On my way out the door to work.  If no one bumps it by the time I get home in the morning, I'll take care of it.
Comment 3 Daniel Black (RETIRED) gentoo-dev 2005-05-04 22:58:51 UTC
Committed 0.10.11 masked. I'm having trouble running it under grsec. Wondering if knows how easy this is to fix?

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x52e91000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x52e90000
mprotect(0x2656b000, 4096, PROT_READ)   = 0
mprotect(0x25d8c000, 765952, PROT_READ) = 0
mprotect(0x2518f000, 4096, PROT_READ)   = 0
mprotect(0x1534a000, 1806336, PROT_READ|PROT_WRITE) = -1 EACCES (Permission denied)
writev(2, [{"ethereal", 8}, {": ", 2}, {"error while loading shared libra"..., 36}, {": ", 2}, {"", 0}, {"", 0}, {"cannot make segment writable for"..., 43}, {": ", 2}, {"Permission denied", 17}, {"\n", 1}], 10ethereal: error while loading shared libraries: cannot make segment writable for relocation: Permission denied
) = 111
exit_group(127)                         = ?
frog # ethereal
ethereal: error while loading shared libraries: cannot make segment writable for relocation: Permission denied
frog # uname -a
Linux frog.local 2.6.11-hardened-r1 #3 Mon May 2 20:58:24 EST 2005 i686 AMD Athlon(tm) XP 1900+ AuthenticAMD GNU/Linux
frog # emerge info
Portage 2.0.51.21 (default-linux/x86/2005.0, gcc-3.4.3-20050110, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r1 i686)
=================================================================
System uname: 2.6.11-hardened-r1 i686 AMD Athlon(tm) XP 1900+
Gentoo Base System version 1.4.16
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [disabled]
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.3
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r8
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.6.8.1-r2
Comment 4 Daniel Black (RETIRED) gentoo-dev 2005-05-05 01:24:02 UTC
Sorry toolchain. Own fault - bad pic/hardened setup on my part. Remerging now.

Had moreon in #hardened say 0.10.11 was working ok.
Comment 5 Daniel Black (RETIRED) gentoo-dev 2005-05-05 05:08:12 UTC
working ok - ready for arch test.
Comment 6 Jan Brinkmann (RETIRED) gentoo-dev 2005-05-05 06:06:19 UTC
stable on amd64
Comment 7 Omkhar Arasaratnam (RETIRED) gentoo-dev 2005-05-05 06:55:09 UTC
Marked PPC64 stable
Comment 8 Gustavo Zacarias (RETIRED) gentoo-dev 2005-05-05 08:36:23 UTC
sparc stable.
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-05 12:26:47 UTC
Many more vulnerabilities were fixed. See URL.
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-05 12:27:22 UTC
*** Bug 91597 has been marked as a duplicate of this bug. ***
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-05 12:27:47 UTC
*** Bug 90574 has been marked as a duplicate of this bug. ***
Comment 12 Daniel Black (RETIRED) gentoo-dev 2005-05-06 01:34:19 UTC
alpha and ia64 to go. Last one out, can you please remove all previous versions. Thank you.
Comment 13 Bryan Østergaard (RETIRED) gentoo-dev 2005-05-06 09:26:30 UTC
Stable on alpha + ia64. Also cleaned out old ebuilds as requested.
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-06 11:07:03 UTC
Thx everyone.

GLSA 200505-03