From security@caldera.com Sun Oct 27 17:55:22 2002 From: security@caldera.com To: bugtraq@securityfocus.com, announce@lists.caldera.com, security-alerts@linuxsecurity.com, full-disclosure@lists.netsys.com Date: Thu, 24 Oct 2002 13:35:56 -0700 Reply-To: please_reply_to_security@caldera.com Subject: Security Update: [CSSA-2002-037.0] Linux: various packet handling vunerabilities in ethereal To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com ______________________________________________________________________________ SCO Security Advisory Subject: Linux: various packet handling vunerabilities in ethereal Advisory number: CSSA-2002-037.0 Issue date: 2002 October 24 Cross reference: ______________________________________________________________________________ 1. Problem Description The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields. SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer. Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption). 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to ethereal-0.9.4-1.i386.rpm OpenLinux 3.1.1 Workstation prior to ethereal-0.9.4-1.i386.rpm OpenLinux 3.1 Server prior to ethereal-0.9.4-1.i386.rpm OpenLinux 3.1 Workstation prior to ethereal-0.9.4-1.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-037.0/RPMS 4.2 Packages 9a40c4a30048082eddf7944d80ff4dbe ethereal-0.9.4-1.i386.rpm 4.3 Installation rpm -Fvh ethereal-0.9.4-1.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-037.0/SRPMS 4.5 Source Packages 8f22f36b6603d154a09b7b3145d2d987 ethereal-0.9.4-1.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-037.0/RPMS 5.2 Packages 9260d8dee3344ae25b29a149be6af9e1 ethereal-0.9.4-1.i386.rpm 5.3 Installation rpm -Fvh ethereal-0.9.4-1.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-037.0/SRPMS 5.5 Source Packages 256b4438061bbae6aab557728e179ee4 ethereal-0.9.4-1.src.rpm 6. OpenLinux 3.1 Server 6.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-037.0/RPMS 6.2 Packages cc2c9ee1a4f25c264519061a937e0cda ethereal-0.9.4-1.i386.rpm 6.3 Installation rpm -Fvh ethereal-0.9.4-1.i386.rpm 6.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-037.0/SRPMS 6.5 Source Packages e04a540fdddb2b48032d3ada7a5f6ae6 ethereal-0.9.4-1.src.rpm 7. OpenLinux 3.1 Workstation 7.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-037.0/RPMS 7.2 Packages 2f13e3ae77bbfeabae68fe358ad120c6 ethereal-0.9.4-1.i386.rpm 7.3 Installation rpm -Fvh ethereal-0.9.4-1.i386.rpm 7.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-037.0/SRPMS 7.5 Source Packages e18cd26d3cee11344e80432b9043b732 ethereal-0.9.4-1.src.rpm 8. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0404 http://www.ethereal.com/appnotes/enpa-sa-00004.html SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr863791, fz520851, erg712037. 9. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. ______________________________________________________________________________ [ Part 2, Application/PGP-SIGNATURE 245bytes. ] [ Unable to print this part. ]