Bug 45543 - Multiple (13) Ethereal remote overflows discovered by Stefan Esser
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: Highest critical
Assignee: Gentoo Security
URL: http://security.e-matters.de/advisori...
Duplicates: 45964
Reported: 2004-03-23 13:51 UTC by Tobias Weisserth
Modified: 2011-10-30 22:39 UTC
Description Tobias Weisserth 2004-03-23 13:51:11 UTC
This was posted on bugtraq today by Stefan Esser (e-matters):

Application: Ethereal 0.8.14 - 0.10.2
Severity: 13 remotely triggerable vulnerabilities were discovered in the multiprotocol packet sniffer Ethereal that allow remote compromise
Risk: Critical
Vendor Status: Plans to release a fixed version within this week
Reference: http://security.e-matters.de/advisories/032004.html

Reproducible: Always
Steps to Reproduce:
Details: visit e-matters advisory for details
Actual Results:  
Details: visit e-matters advisory for details

Expected Results:  
Details: visit e-matters advisory for details
Comment 1 solar (RETIRED) gentoo-dev 2004-03-23 21:13:55 UTC
As of now, still no 0.10.3 at sf.

http://belnet.dl.sourceforge.net/sourceforge/ethereal/
Comment 2 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev 2004-03-24 20:55:05 UTC
A better URL for checking for a new Ethereal release:

http://sourceforge.net/projects/ethereal/

The other URL complains about a file not being found.  I'm putting this in a comment so I don't have to keep hunting for the Ethereal page each time I check it. ;)
Comment 3 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev 2004-03-26 11:38:35 UTC
This is version-bumpable with no changes to the ebuild.

It emerged with no problems for me, and tethereal works fine.  Haven't tried the GUI version.

Also, this package has no metadata.xml file.  I don't know what herd to assign it to, so I picked names that showed up the most times in the ebuild ChangeLog.  I hope this is the right thing to do -- sorry for bothering you guys if it's not.
Comment 4 gen2daniel 2004-03-27 08:55:24 UTC
http://www.ethereal.com/appnotes/enpa-sa-00013.html

ethereal 0.10.3 is out!!


 Serious issues have been discovered in the following protocol dissectors:

    * Stefan Esser discovered thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP. (CAN-2004-0176)
    * A zero-length Presentation protocol selector could make Ethereal crash. (CAN-2004-0367)
    * Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause a crash. (CAN-2004-0365)
    * A corrupt color filter file could cause a segmentation fault. 

Impact:

It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file.

Resolution:

Upgrade to 0.10.3.


cp ethereal-0.10.2.ebuild ethereal-0.10.3.ebuild
ebuild ethereal-0.10.3.ebuild digest
emerge ethereal-0.10.3.ebuild

ethereal works without any problems incl. gui
Comment 5 solar (RETIRED) gentoo-dev 2004-03-27 09:49:53 UTC
ethereal-0.10.3 in portage as
KEYWORDS="~x86 ~sparc ~ppc ~alpha ~amd64 ~ia64"

Arch maintainers please test and mark stable when you're ready.
Comment 6 Jason Wever (RETIRED) gentoo-dev 2004-03-27 12:31:40 UTC
Stable on sparc.
Comment 7 Jason Huebel (RETIRED) gentoo-dev 2004-03-27 15:06:12 UTC
stable on amd64
Comment 8 Luca Barbato gentoo-dev 2004-03-27 17:35:16 UTC
Stable on ppc
Comment 9 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2004-03-28 13:30:21 UTC
*** Bug 45964 has been marked as a duplicate of this bug. ***
Comment 10 Wernfried Haas (RETIRED) gentoo-dev 2004-03-29 07:28:38 UTC
Is there a special reason why RESTRICT="nomirror" is set in the ebuild for ethereal-0.10.3 or was this simply forgotten when unmasking it? (same also applies for ethereal-0.10.2.ebuild)
Comment 11 Gerald Combs 2004-03-29 09:13:41 UTC
(Replying to comments 1 and 2)  FWIW, the canonical location for the Ethereal source distribution is 

  http://www.ethereal.com/distribution/all-versions/

The sourceforge.net mirror URL _should_ work, but I can only guarantee the ethereal.com URL.
Comment 12 Kurt Lieber (RETIRED) gentoo-dev 2004-03-29 23:19:12 UTC
GLSA ID: 200403-07