Bug 174478 - CAN-2005-3184 Ethereal Stack Buffer Overflow
CAN-2005-3184 Ethereal Stack Buffer Overflow
Status: CLOSED DUPLICATE of bug 152922
Product: Fedora Legacy
Classification: Retired
Component: ethereal (Show other bugs)
rhl7.3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://www.idefense.com/application/p...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-29 09:32 EST by John Dalbec
Modified: 2007-04-18 13:34 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-07 08:32:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description John Dalbec 2005-11-29 09:32:59 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4

Description of problem:
05.43.12 CVE: CAN-2005-3184
Platform: Cross Platform
Title: Ethereal Stack Buffer Overflow
Description: Ethereal is a network analyzer. It is vulnerable to a
remote buffer overflow issue when dissecting Service Location Protocol
(SRVLOC) packets. Ethereal versions 0.10.13 and ealier are vulnerable.
Ref:
http://www.idefense.com/application/poi/display?id=323&type=vulnerabilities&flashstatus=true

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 David Eisenstein 2005-12-05 19:05:41 EST
AFAICT, unless we've been misinformed, problem # 05.43.12 (CAN-2005-3184) is
indeed fixed in ethereal-0.10.13.  The claim, "Ethereal versions 0.1.13 and
earlier are vulnerable," is incorrect.  Instead it should say, "Ethereal
versions 0.10.12 and earlier are vulnerable."

  See Ethereal appnote enpa-sa-00021 at 
     http://www.ethereal.com/appnotes/enpa-sa-00021.html
  and Bug #152922 comment 15.

Perhaps, John, you can inform whoever produced 05.43.12 of their typo?

I would close this bug as a duplicate of Bug #152922.
Comment 2 Pekka Savola 2005-12-07 08:32:01 EST

*** This bug has been marked as a duplicate of 152922 ***

Note You need to log in before you can comment on or make changes to this bug.