Summary: | net-analyzer/ethereal Many many vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Adir Abraham <adirab> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | formula7, jaervosz, netmon |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.ethereal.com/appnotes/enpa-sa-00019.html | ||
Whiteboard: | B0 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 91660 | ||
Bug Blocks: |
Description
Adir Abraham
2005-04-26 13:54:59 UTC
"It is reported that the vendor has addressed this vulnerability in Ethereal version 0.10.10 SVN>14167." 0.10.11 is out. On my way out the door to work. If no one bumps it by the time I get home in the morning, I'll take care of it. Committed 0.10.11 masked. I'm have trouble running it under grsec. Wondering if knows how easy this is to fix? mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x52e91000 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x52e90000 mprotect(0x2656b000, 4096, PROT_READ) = 0 mprotect(0x25d8c000, 765952, PROT_READ) = 0 mprotect(0x2518f000, 4096, PROT_READ) = 0 mprotect(0x1534a000, 1806336, PROT_READ|PROT_WRITE) = -1 EACCES (Permission denied) writev(2, [{"ethereal", 8}, {": ", 2}, {"error while loading shared libra"..., 36}, {": ", 2}, {"", 0}, {"", 0}, {"cannot make segment writable for"..., 43}, {": ", 2}, {"Permission denied", 17}, {"\n", 1}], 10ethereal: error while loading shared libraries: cannot make segment writable for relocation: Permission denied ) = 111 exit_group(127) = ? frog # ethereal ethereal: error while loading shared libraries: cannot make segment writable for relocation: Permission denied frog # uname -a Linux frog.local 2.6.11-hardened-r1 #3 Mon May 2 20:58:24 EST 2005 i686 AMD Athlon(tm) XP 1900+ AuthenticAMD GNU/Linux frog # emerge info Portage 2.0.51.21 (default-linux/x86/2005.0, gcc-3.4.3-20050110, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r1 i686) ================================================================= System uname: 2.6.11-hardened-r1 i686 AMD Athlon(tm) XP 1900+ Gentoo Base System version 1.4.16 distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.3 [disabled] dev-lang/python: 2.3.5 sys-apps/sandbox: 1.2.3 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.4 sys-devel/binutils: 2.15.92.0.2-r8 sys-devel/libtool: 1.5.16 virtual/os-headers: 2.6.8.1-r2 sorry toolchain. Own fault - bad pic/hardened setup on my part. remerging now. Had moreon in #hardened say 0.10.11 was working ok. working ok - ready for arch test. stable on amd64 Marked PPC64 stable sparc stable. Many more vulnerabilities were fixed. See URL. *** Bug 91597 has been marked as a duplicate of this bug. *** *** Bug 90574 has been marked as a duplicate of this bug. *** alpha and ia64 to go. Last one out can you please remove all previous versions. Thankyou, Stable on alpha + ia64. Also cleaned out old ebuilds as requested. Thx everyone. GLSA 200505-03 |