SOT Linux Advisory: EtherealApr 06, 2004, 19:59 (0 Talkback[s])
SOT Linux Security Advisory
Subject: Updated ethereal package for SOT Linux 2003
1. Problem description
Ethereal is a program for monitoring network traffic.
Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP dissectors. On a system where Ethereal is being run a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0176 to this issue.
Jonathan Heussser discovered that a carefully-crafted RADIUS packet could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0365 to this issue.
Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0367 to this issue.
Users of Ethereal should upgrade to these updated packages, which contain a version of Ethereal that is not vulnerable to these issues.
2. Updated packages
SOT Linux 2003 Server:
3. Upgrading package
Before applying this update, make sure all previously released errata relevant to your system have been applied.
Use up2date to automatically upgrade the fixed packages.
If you want to upgrade manually, download the updated package from the SOT Linux FTP site (use the links above) or from one of our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux
Update the package with the following command: rpm -Uvh <filename>
All packages are PGP signed by SOT for security.
You can verify each package with the following command: rpm --checksig <filename>
If you wish to verify the integrity of the downloaded package, run "md5sum <filename>" and compare the output with data given below.
Package Name MD5 sum
Copyright(c) 2001-2003 SOT
0 Talkback[s] (click to add your comment)