115030 – net-analyzer/ethereal OSPF Protocol Vulnerability (CVE-2005-3651)

Bug 115030 - net-analyzer/ethereal OSPF Protocol Vulnerability (CVE-2005-3651)

Summary: net-analyzer/ethereal OSPF Protocol Vulnerability (CVE-2005-3651)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B1? [glsa] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2005-12-09 14:58 UTC by Chris White (RETIRED)
Modified:	2005-12-14 10:13 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
ethereal-0.10.13-packet-ospf.diff (ethereal-0.10.13-packet-ospf.diff,18.11 KB, patch) 2005-12-10 06:42 UTC, Marcelo Goes (RETIRED)	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris White (RETIRED) gentoo-dev

2005-12-09 14:58:17 UTC

http://www.idefense.com/application/poi/display?id=349&type=vulnerabilities

Patch:

http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-
ospf.c?rev=16507&view=markup

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-12-10 05:24:01 UTC

Netmon please advise and bump as necessary.

Comment 2 Marcelo Goes (RETIRED) gentoo-dev

2005-12-10 06:42:23 UTC

Created attachment 74428 [details, diff]
ethereal-0.10.13-packet-ospf.diff

Anyone care to review this patch?

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2005-12-11 09:56:54 UTC

Patch comes from upstream, I guess it's OK...

Comment 4 Marcelo Goes (RETIRED) gentoo-dev

2005-12-11 10:44:26 UTC

Okies, ethereal-0.10.13-r2 has the patch.

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-12-11 13:26:44 UTC

Arches please test and mark stable.

Comment 6 Jason Wever (RETIRED) gentoo-dev

2005-12-11 13:37:46 UTC

Patch fails to apply as it had a CVS tag in it that got munged when committed

Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-12-11 13:45:44 UTC

Back to ebuild.

Comment 8 Markus Rothe (RETIRED) gentoo-dev

2005-12-11 13:55:39 UTC

weeve: commit it with "cvs add -ko" (I guess you found out already yourself...)

Comment 9 Jason Wever (RETIRED) gentoo-dev

2005-12-11 13:58:59 UTC

No I haven't.  You'll want to direct that comment at vanquirius as he was the
commit culprit.

Comment 10 Marcelo Goes (RETIRED) gentoo-dev

2005-12-11 14:18:01 UTC

Ok, new version of the patch is in cvs.
Sorry for the trouble.

Comment 11 Jason Wever (RETIRED) gentoo-dev

2005-12-11 19:24:43 UTC

Builds here on sparc.  Are there any sample packet captures to test this issue?

Comment 12 Joshua Jackson (RETIRED) gentoo-dev

2005-12-11 19:45:21 UTC

stable on x86

Comment 13 Markus Rothe (RETIRED) gentoo-dev

2005-12-12 01:49:30 UTC

stable on ppc64

Comment 14 Thierry Carrez (RETIRED) gentoo-dev

2005-12-12 03:37:21 UTC

Jason: no test capture, sorry.

Comment 15 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-12-12 12:32:10 UTC

Stable on ppc.

Comment 16 Daniel Gryniewicz (RETIRED) gentoo-dev

2005-12-12 12:46:58 UTC

amd64 done.

Comment 17 Gustavo Zacarias (RETIRED) gentoo-dev

2005-12-13 10:56:50 UTC

sparc stable.

Comment 18 Bryan Østergaard (RETIRED) gentoo-dev

2005-12-13 12:20:12 UTC

Stable on alpha + ia64.

Comment 19 Thierry Carrez (RETIRED) gentoo-dev

2005-12-14 10:13:07 UTC

GLSA 200512-06