From security@mandriva.com Wed Oct 26 17:31:08 2005 From: Mandriva Security Team To: full-disclosure@lists.grok.org.uk Date: Wed, 26 Oct 2005 15:30:35 -0600 Subject: [Full-disclosure] MDKSA-2005:193-1 - Updated ethereal packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2005:193-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ethereal Date : October 26, 2005 Affected: 10.2, 2006.0 _______________________________________________________________________ Problem Description: Ethereal 0.10.13 is now available fixing a number of security vulnerabilities in various dissectors: - the ISAKMP dissector could exhaust system memory - the FC-FCS dissector could exhaust system memory - the RSVP dissector could exhaust system memory - the ISIS LSP dissector could exhaust system memory - the IrDA dissector could crash - the SLIMP3 dissector could overflow a buffer - the BER dissector was susceptible to an infinite loop - the SCSI dissector could dereference a null pointer and crash - the sFlow dissector could dereference a null pointer and crash - the RTnet dissector could dereference a null pointer and crash - the SigComp UDVM could go into an infinite loop or crash - the X11 dissector could attempt to divide by zero - if SMB transaction payload reassembly is enabled the SMB dissector could crash (by default this is disabled) - if the "Dissect unknown RPC program numbers" option was enabled, the ONC RPC dissector might be able to exhaust system memory (by default this is disabled) - the AgentX dissector could overflow a buffer - the WSP dissector could free an invalid pointer - iDEFENSE discovered a buffer overflow in the SRVLOC dissector The new version of Ethereal is provided and corrects all of these issues. Update: An infinite loop in the IRC dissector was also discovered and fixed after the 0.10.13 release. The updated packages include the fix. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3241 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3246 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3247 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3184 http://www.ethereal.com/appnotes/enpa-sa-00021.html _______________________________________________________________________ Updated Packages: Mandriva Linux 10.2: 30d68fb7d3dd3e10f99ce0e4067e29e3 10.2/RPMS/ethereal-0.10.13-0.2.102mdk.i586.rpm ee195abe7f3fd9abe3db39cd3b497a8c 10.2/RPMS/ethereal-tools-0.10.13-0.2.102mdk.i586.rpm 8930ea673040d37f41ad955412ba3623 10.2/RPMS/libethereal0-0.10.13-0.2.102mdk.i586.rpm 3bc4bd7208feaf92f77f3a83b0f3281b 10.2/RPMS/tethereal-0.10.13-0.2.102mdk.i586.rpm 7fe65f07557a9dcb662eb1b6967ce31f 10.2/SRPMS/ethereal-0.10.13-0.2.102mdk.src.rpm Mandriva Linux 10.2/X86_64: cb69d27d896a19a03fe1c05effffe98d x86_64/10.2/RPMS/ethereal-0.10.13-0.2.102mdk.x86_64.rpm 28dca424f2fdef25ab9b5f2115c7b577 x86_64/10.2/RPMS/ethereal-tools-0.10.13-0.2.102mdk.x86_64.rpm b47935d8d59d817e69b54d2487e12445 x86_64/10.2/RPMS/lib64ethereal0-0.10.13-0.2.102mdk.x86_64.rpm e717805302885ba4af36a16768f93668 x86_64/10.2/RPMS/tethereal-0.10.13-0.2.102mdk.x86_64.rpm 7fe65f07557a9dcb662eb1b6967ce31f x86_64/10.2/SRPMS/ethereal-0.10.13-0.2.102mdk.src.rpm Mandriva Linux 2006.0: 993d95642384bf74c9ed2f7279caa3b2 2006.0/RPMS/ethereal-0.10.13-0.2.20060mdk.i586.rpm a8cb961f3fee116724f8af4ce64f8244 2006.0/RPMS/ethereal-tools-0.10.13-0.2.20060mdk.i586.rpm ef572149f1c053ddcf47afa4c704ca58 2006.0/RPMS/libethereal0-0.10.13-0.2.20060mdk.i586.rpm 21d6112631fa025e0b01b2fe7698aada 2006.0/RPMS/tethereal-0.10.13-0.2.20060mdk.i586.rpm 04595febee4cf49a9e851563ef8975c9 2006.0/SRPMS/ethereal-0.10.13-0.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: a1af50cf48c2d44c44b0068ee265609f x86_64/2006.0/RPMS/ethereal-0.10.13-0.2.20060mdk.x86_64.rpm c4c26c4bcd136c8a8d540c62e51ba8f5 x86_64/2006.0/RPMS/ethereal-tools-0.10.13-0.2.20060mdk.x86_64.rpm fc393647ae421ef0e9b60967bc22b65e x86_64/2006.0/RPMS/lib64ethereal0-0.10.13-0.2.20060mdk.x86_64.rpm ca89deabfae41880a7e37e6e70451caf x86_64/2006.0/RPMS/tethereal-0.10.13-0.2.20060mdk.x86_64.rpm 04595febee4cf49a9e851563ef8975c9 x86_64/2006.0/SRPMS/ethereal-0.10.13-0.2.20060mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDX/V7mqjQ0CJFipgRAgJzAKCS/Qu4ySCH+ysIjUWnVwldSLMcPQCfSe9j cLKewlLPlR86eNfiWtUkavg= =Ofo7 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/