LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: ethereal buffer overflow Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 162-1                     security@debian.org 
http://www.debian.org/security/                             Martin Schulze
September 6th, 2002                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2002-0834
BugTraq Id     : 5573

Ethereal developers discovered a buffer overflow in the ISIS protocol
dissector.  It may be possible to make Ethereal crash or hang by
injecting a purposefully malformed packet onto the wire, or by
convincing someone to read a malformed packet trace file.  It may be
possible to make Ethereal run arbitrary code by exploiting the buffer
and pointer problems.

This problem has been fixed in version 0.9.4-1woody2 for the current
stable stable distribution (woody), in version 0.8.0-4potato.1 for
the old stable distribution (potato) and in version 0.9.6-1 for the
unstable distribution (sid).

We recommend that you upgrade your ethereal packages.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
- --------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1.dsc
      Size/MD5 checksum:      628 ab3421f7cfe2592bcae97ee21d2037f0
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1.diff.gz
      Size/MD5 checksum:    52487 8f845d3572e699bd09ed8b7590ef5c8c
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0.orig.tar.gz
      Size/MD5 checksum:  1033560 297ae32cc23a154497dad6a1f964bdb1

  Alpha architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_alpha.deb
      Size/MD5 checksum:   725082 8ce2153f5f27d7f6c22aa45187c85a6b

  ARM architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_arm.deb
      Size/MD5 checksum:   559580 da451f098a62af65f67c5c93dedff929

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_i386.deb
      Size/MD5 checksum:   520452 c04c0c6253dc91ea8f773cb1607258df

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_m68k.deb
      Size/MD5 checksum:   489770 dd7d17f57ed7b44922453f72d483c55d

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_powerpc.deb
      Size/MD5 checksum:   573334 13d6a9f30560b0d7056bb2938d62c5bf

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_sparc.deb
      Size/MD5 checksum:   554286 7540dd04b2f43db168b579a5b5e4640e


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2.dsc
      Size/MD5 checksum:      679 3422eaafcc0c6790921c2fadcfb45c21
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2.diff.gz
      Size/MD5 checksum:    34257 9ba55fbe1973fa07eaea17ceddb0a47b
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
      Size/MD5 checksum:  3278908 42e999daa659820ee93aaaa39ea1e9ea

  Alpha architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_alpha.deb
      Size/MD5 checksum:  1939060 dfb7750119b7688c3d8d8650d17f0d7c
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_alpha.deb
      Size/MD5 checksum:   333594 56dff0c9ce5c97aa17b7ddec5764fc7e
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_alpha.deb
      Size/MD5 checksum:   221390 7387c42257ef764a2ff02af5f6f10800
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_alpha.deb
      Size/MD5 checksum:  1705962 f8269a5cb64515afe3a4c898e2e35b81

  ARM architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_arm.deb
      Size/MD5 checksum:  1633044 e90d102738aeb2534c7e70acb7873c73
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_arm.deb
      Size/MD5 checksum:   296362 20785f615601377d95a35c18509428c8
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_arm.deb
      Size/MD5 checksum:   205268 cc1809339123e98a18c068214e46ba84
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_arm.deb
      Size/MD5 checksum:  1437240 8ca230be12a78181179c50ec59f14019

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_i386.deb
      Size/MD5 checksum:  1511486 dc02fd03fa24a93e5aefa5db2fb3c38f
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_i386.deb
      Size/MD5 checksum:   285708 fead37813e0a8b27b2d198ed96a09e72
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_i386.deb
      Size/MD5 checksum:   197506 3e35362ff31f9c8831da433664a87793
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_i386.deb
      Size/MD5 checksum:  1324234 589dbb41e4b8be0b6f59e1d5029a4534

  Intel IA-64 architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_ia64.deb
      Size/MD5 checksum:  2148514 346ba1362fee8a9384ec622a90ca4da8
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_ia64.deb
      Size/MD5 checksum:   372474 d71f6a54b81e9a02fa90fe9d9f655fac
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_ia64.deb
      Size/MD5 checksum:   232940 8631b791d6ea4745ec5f9391f1342964
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_ia64.deb
      Size/MD5 checksum:  1858670 0748a27f6467eed6e3b990c38adb8ae4

  HP Precision architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_hppa.deb
      Size/MD5 checksum:  1801788 490b5d284861576248e1f4b0dc68f23d
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_hppa.deb
      Size/MD5 checksum:   321500 dcf0dcbf57aa1974b34ca2a9282226d5
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_hppa.deb
      Size/MD5 checksum:   216122 feebbfda5ae79df0a6319aa91eefad69
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_hppa.deb
      Size/MD5 checksum:  1574400 f6c277ee39939222422ccf22c405cdcc

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_m68k.deb
      Size/MD5 checksum:  1422128 52618cb598d1cb02aab4265fa1a1e109
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_m68k.deb
      Size/MD5 checksum:   281842 093f64d0bfd4f7e285649f085ed23c9e
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_m68k.deb
      Size/MD5 checksum:   194400 157b134dea7ae457bb1b45e0c5700761
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_m68k.deb
      Size/MD5 checksum:  1246528 cc2467a18ff370127eda708863498e7c

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_mips.deb
      Size/MD5 checksum:  1615518 39e888789a4e9b5ae41e9dd9f34d8a70
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_mips.deb
      Size/MD5 checksum:   304542 f150ce7984701d180e72c9119df878d9
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_mips.deb
      Size/MD5 checksum:   212856 20e638a8b96d5f6261145f0a2d7aa61b
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_mips.deb
      Size/MD5 checksum:  1420690 2953c5e2019b980f34e3cda644423791

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_mipsel.deb
      Size/MD5 checksum:  1595962 116c1f6662b30ce208e0b911e0a48abd
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_mipsel.deb
      Size/MD5 checksum:   304078 e6c2ee04916033005787227a6a9ff249
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_mipsel.deb
      Size/MD5 checksum:   212514 c8cc996cbe70c49b381f4094ab79a0fd
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_mipsel.deb
      Size/MD5 checksum:  1404638 e7de537c62efa30669c622df80eb0cfa

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_powerpc.deb
      Size/MD5 checksum:  1616370 d06e81e77f2b378354b7109cfff3999e
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_powerpc.deb
      Size/MD5 checksum:   301234 3ad14331ebbc28828bfe8d86d06d39d3
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_powerpc.deb
      Size/MD5 checksum:   208070 003a9293509b86352699297f2dcd06a1
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_powerpc.deb
      Size/MD5 checksum:  1417096 f8e168e799a3513a4c6c4e5978b48997

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_s390.deb
      Size/MD5 checksum:  1531624 8d1247e48022c9eca049d6f82fa27b0c
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_s390.deb
      Size/MD5 checksum:   294854 79dfa75bd8dc5594ba00ec45ff018621
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_s390.deb
      Size/MD5 checksum:   200804 e16d387f4b152dd66c9942b2b4a63ab8
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_s390.deb
      Size/MD5 checksum:  1347014 69976bdae0c3f1747e0ef505f99b9685

  Sun Sparc architecture:


     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_sparc.deb
      Size/MD5 checksum:  1580330 957aa365762f5597bbd0b4b504b0b8b1
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_sparc.deb
      Size/MD5 checksum:   317396 a3a32b25fb8e461c51b6c7f1b4b769f0
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_sparc.deb
      Size/MD5 checksum:   203866 c29c5dfd294938398b73ecdc1e5a868f
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_sparc.deb
      Size/MD5 checksum:  1387140 6c89ba3a017d51ffbb58c0db6e3c6504


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.