Bug 156911 - multiple ethereal security issues
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: ethereal
Version: 4.0
Hardware: All
OS: Linux
Priority: medium
Severity: high
Assigned To: Radek Vokal
URL: http://www.ethereal.com/news/item_200...
Whiteboard: impact=important,embargoed=20050503,s...
Keywords: Security
Reported: 2005-05-05 02:34 EDT by Radek Vokal
Modified: 2007-11-30 17:07 EST (History)
Doc Type: Bug Fix
Last Closed: 2005-05-24 13:27:46 EDT
Description Radek Vokal 2005-05-05 02:34:10 EDT
An aggressive testing program as well as independent discovery has turned up a
multitude of security issues:

The ANSI A dissector was susceptible to format string vulnerabilities.
Discovered by Bryan Fulton. Versions affected: 0.9.15 to 0.10.10

The GSM MAP dissector could crash. Versions affected: 0.10.0 to 0.10.10

The AIM dissector could cause a crash. Versions affected: 0.9.14 to 0.10.10

The DISTCC dissector was susceptible to a buffer overflow. Discovered by Ilja
van Sprundel. Versions affected: 0.9.13 to 0.10.10

The FCELS dissector was susceptible to a buffer overflow. Discovered by Neil
Kettle. Versions affected: 0.9.9 to 0.10.10

The SIP dissector was susceptible to a buffer overflow. Discovered by Ejovi
Nuwere. Versions affected: 0.10.0 to 0.10.10

The KINK dissector was susceptible to a null pointer exception, endless looping,
and other problems. Versions affected: 0.10.10

The LMP dissector was susceptible to an endless loop. Versions affected: 0.9.4
to 0.10.10

The Telnet dissector could abort. Versions affected: 0.9.10 to 0.10.10

The TZSP dissector could cause a segmentation fault. Versions affected: 0.10.10
to 0.10.10

The WSP dissector was susceptible to a null pointer exception and assertions.
Versions affected: 0.10.0 to 0.10.10

The 802.3 Slow protocols dissector could throw an assertion. Versions affected:
0.10.10

The BER dissector could throw assertions. Versions affected: 0.10.2 to 0.10.10

The SMB Mailslot dissector was susceptible to a null pointer exception and could
throw assertions. Versions affected: 0.9.0 to 0.10.10

The H.245 dissector was susceptible to a null pointer exception. Versions
affected: 0.10.10

The Bittorrent dissector could cause a segmentation fault. Versions affected:
0.10.8 to 0.10.10

The SMB dissector could cause a segmentation fault and throw assertions.
Versions affected: 0.9.0 to 0.10.10

The Fibre Channel dissector could cause a crash. Versions affected: 0.9.9 to 0.10.10

The DICOM dissector could attempt to allocate large amounts of memory. Versions
affected: 0.10.4 to 0.10.10

The MGCP dissector was susceptible to a null pointer exception, could loop
indefinitely, and segfault. Versions affected: 0.8.14 to 0.10.10

The RSVP dissector could loop indefinitely. Versions affected: 0.9.8 to 0.10.10

The DHCP dissector was susceptible to format string vulnerabilities, and could
abort. Versions affected: 0.10.7 to 0.10.10

The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
Versions affected: 0.9.8 to 0.10.10

The EIGRP dissector could loop indefinitely. Versions affected: 0.8.18 to 0.10.10

The ISIS dissector could overflow a buffer. Versions affected: 0.8.18 to 0.10.10

The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explicit, PKIX Qualified, and X.509
dissectors could overflow buffers. Versions affected: 0.10.4 to 0.10.10

The NDPS dissector could exhaust system memory or cause an assertion, or crash.
Versions affected: 0.9.12 to 0.10.10

The Q.931 dissector could try to free a null pointer and overflow a buffer.
Versions affected: 0.10.10

The IAX2 dissector could throw an assertion. Versions affected: 0.10.1 to 0.10.10

The ICEP dissector could try to free the same memory twice. Versions affected:
0.10.7 to 0.10.10

The MEGACO dissector was susceptible to an infinite loop and a buffer overflow.
Versions affected: 0.9.14 to 0.10.10

The DLSw dissector was susceptible to an infinite loop. Versions affected: 0.9.1
to 0.10.10

The RPC dissector was susceptible to a null pointer exception. Versions
affected: 0.9.2 to 0.10.10

The NCP dissector could overflow a buffer or loop for a large amount of time.
Versions affected: 0.10.5 to 0.10.10

The RADIUS dissector could throw an assertion. Versions affected: 0.10.3 to 0.10.10

The GSM dissector could access an invalid pointer. Versions affected: 0.10.10

The SMB PIPE dissector could throw an assertion. Versions affected: 0.9.0 to 0.10.10

The L2TP dissector was susceptible to an infinite loop. Versions affected:
0.10.9 to 0.10.10

The SMB NETLOGON dissector could dereference a null pointer. Versions affected:
0.9.12 to 0.10.10

The MRDISC dissector could throw an assertion. Versions affected: 0.8.19 to 0.10.10

The ISUP dissector could overflow a buffer or cause a segmentation fault.
Versions affected: 0.8.19 to 0.10.10

The LDAP dissector could crash. Versions affected: 0.10.1 to 0.10.10

The TCAP dissector could overflow a buffer or throw an assertion. Versions
affected: 0.10.8 to 0.10.10

The NTLMSSP dissector could crash. Versions affected: 0.9.7 to 0.10.10

The Presentation dissector could overflow a buffer. Versions affected: 0.10.1 to
0.10.10

Additionally, a number of dissectors could throw an assertion when passing an
invalid protocol tree item length. Versions affected: 0.10.8 to 0.10.10
Comment 1 Josh Bressers 2005-05-05 09:50:56 EDT
These issues also affect RHEL2.1 and RHEL3
Comment 2 Josh Bressers 2005-05-24 13:27:46 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-427.html
