Bug 56423 - net-analyzer/ethereal-0.10.5 fixes security bugs in iSNS, SMB, and SNMP
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High blocker
Assignee: Gentoo Security
Whiteboard: B0 [glsa]
Reported: 2004-07-08 01:20 UTC by Carsten Lohrke (RETIRED)
Modified: 2011-10-30 22:39 UTC
Description Carsten Lohrke (RETIRED) gentoo-dev 2004-07-08 01:20:04 UTC

Issues have been discovered in the following protocol dissectors:

    * The iSNS dissector could make Ethereal abort in some cases. (0.10.3 - 0.10.4)
    * SMB SID snooping could crash if there was no policy name for a handle. (0.9.15 - 0.10.4)
    * The SNMP dissector could crash due to a malformed or missing community string. (0.8.15 - 0.10.4)


It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-07-08 02:11:24 UTC
netmon: please bump ethereal to 0.10.5.

Target keywords based on previous vulnerable ebuilds: "alpha amd64 ia64 ppc sparc x86"
Comment 2 Eldad Zack (RETIRED) gentoo-dev 2004-07-08 09:57:25 UTC
0.10.5, in portage now, I've marked x86 stable.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2004-07-08 10:29:58 UTC
Arches: please mark stable
Comment 4 Travis Tilley (RETIRED) gentoo-dev 2004-07-08 11:27:00 UTC
stable on amd64
Comment 5 Lars Weiler (RETIRED) gentoo-dev 2004-07-08 13:37:20 UTC
Stable on ppc.
Comment 6 Jason Wever (RETIRED) gentoo-dev 2004-07-08 14:58:58 UTC
Stable on sparc.
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2004-07-09 01:12:15 UTC
Supported arches are stable, this is ready for a GLSA.
Comment 8 Sune Kloppenborg Jeppesen gentoo-dev 2004-07-09 04:17:33 UTC
GLSA drafted : security please review
Comment 9 Kurt Lieber (RETIRED) gentoo-dev 2004-07-09 07:31:59 UTC
glsa 200407-08
Comment 10 Bryan Østergaard (RETIRED) gentoo-dev 2004-07-09 12:57:29 UTC
Stable on alpha as well.