dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


SOT Linux Advisory: Ethereal

Apr 06, 2004, 19:59 (0 Talkback[s])

SOT Linux Security Advisory

Subject: Updated ethereal package for SOT Linux 2003
Advisory ID: SLSA-2004:11
Date: Tuesday, April 6, 2004
Product: SOT Linux 2003


1. Problem description

Ethereal is a program for monitoring network traffic.

Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP dissectors. On a system where Ethereal is being run a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0176 to this issue.

Jonathan Heussser discovered that a carefully-crafted RADIUS packet could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0365 to this issue.

Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2004-0367 to this issue.

Users of Ethereal should upgrade to these updated packages, which contain a version of Ethereal that is not vulnerable to these issues.

2. Updated packages

SOT Linux 2003 Server:

i386:
ftp://ftp.sot.com/updates/2003/Server/i386/ethereal-base-0.10.3-2.i386.rpm
ftp://ftp.sot.com/updates/2003/Server/i386/ethereal-gtk+-0.10.3-2.i386.rpm
ftp://ftp.sot.com/updates/2003/Server/i386/ethereal-kde-0.10.3-2.i386.rpm
ftp://ftp.sot.com/updates/2003/Server/i386/ethereal-usermode-0.10.3-2.i386.rpm

SRPMS:
ftp://ftp.sot.com/updates/2003/Server/SRPMS/ethereal-0.10.3-2.src.rpm

3. Upgrading package

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Use up2date to automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package from the SOT Linux FTP site (use the links above) or from one of our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command: rpm -Uvh <filename>

4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command: rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run "md5sum <filename>" and compare the output with data given below.

Package Name MD5 sum


/Server/i386/ethereal-base-0.10.3-2.i386.rpm 50d25392d233acac89003693450cec8d
/Server/i386/ethereal-gtk+-0.10.3-2.i386.rpm 798913f3f506dc7b94cb2f00339d5577
/Server/i386/ethereal-kde-0.10.3-2.i386.rpm e6799d64909e1f3267216158fc4dd10a
/Server/i386/ethereal-usermode-0.10.3-2.i386.rpm 20bea2374834f25b03107f76c2008074
/Server/SRPMS/ethereal-0.10.3-2.src.rpm d23ef651947b4a45f5c5be705559010f

5. References

http://www.ethereal.com/appnotes/enpa-sa-00013.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367

Copyright(c) 2001-2003 SOT