LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: 'ethereal' buffer/integer overflows Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian Timo Sirainen discovered several vulnerabilities in ethereal, a network traffic analyzer. These include one-byte buffer overflows in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors, and integer overflows in the Mount and PPP dissectors.

--------------------------------------------------------------------------
Debian Security Advisory DSA 313-1                     security@debian.org 
http://www.debian.org/security/                             Matt Zimmerman
June 11th, 2003                          http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : buffer overflows, integer overflows
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0356 CAN-2003-0357

Timo Sirainen discovered several vulnerabilities in ethereal, a
network traffic analyzer.  These include one-byte buffer overflows in
the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB,
SMPP, and TSP dissectors, and integer overflows in the Mount and PPP
dissectors.

For the stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody4.

The old stable distribution (potato) does not appear to contain these
vulnerabilities.

For the unstable distribution (sid) these problems are fixed in version
0.9.12-1.

We recommend that you update your ethereal package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.dsc
      Size/MD5 checksum:      679 a6456b3e20f44a3f53256bf722c010cd
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.diff.gz
      Size/MD5 checksum:    31800 160670a883256ee0d40066424ffc527a
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
      Size/MD5 checksum:  3278908 42e999daa659820ee93aaaa39ea1e9ea

  Alpha architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_alpha.deb
      Size/MD5 checksum:  1939098 67c1fd2e2851976aef3db87a2d128484
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_alpha.deb
      Size/MD5 checksum:   333810 c239ee7f87136dd0d7750996a702b387
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_alpha.deb
      Size/MD5 checksum:   221594 9b6bad1bd7d23ec7c54c40ec336e5edd
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_alpha.deb
      Size/MD5 checksum:  1706008 5ac67ca2d0530676c41563dae337a0e4

  ARM architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_arm.deb
      Size/MD5 checksum:  1633108 73c97178ef157e709fcc36753a1ea85c
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_arm.deb
      Size/MD5 checksum:   296662 0a9bec8514d203e90c712b12ef19de25
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_arm.deb
      Size/MD5 checksum:   205452 9641c7fa333a0ce2f33bf38a78640351
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_arm.deb
      Size/MD5 checksum:  1437636 4286845b2a848f4d293c1be807d62446

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_i386.deb
      Size/MD5 checksum:  1511802 4e554f6ef3da40ac3215099141e7c10b
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_i386.deb
      Size/MD5 checksum:   285948 df25b50bfa385f84b091227df926bc0f
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_i386.deb
      Size/MD5 checksum:   197860 6eb91acb63bd5e3938cdb186b507dd38
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_i386.deb
      Size/MD5 checksum:  1324426 96887c970d1725be47988c498708762f

  Intel IA-64 architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_ia64.deb
      Size/MD5 checksum:  2148676 f39ffacba60f1f2a132750d76cb972b7
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_ia64.deb
      Size/MD5 checksum:   372650 866ee108f08e625d3981362726d9799a
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_ia64.deb
      Size/MD5 checksum:   233180 e125fa9dc0e59d7d14d43505ffe05368
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_ia64.deb
      Size/MD5 checksum:  1858536 904fce57cb39662e9560f0143d326bb8

  HP Precision architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_hppa.deb
      Size/MD5 checksum:  1802046 d5114f9632deea43ba5f99ff79a67db3
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_hppa.deb
      Size/MD5 checksum:   321802 33656ff4dbd495d3c8f1dc9ed6c798ff
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_hppa.deb
      Size/MD5 checksum:   216336 34bbb2832844a7bb83fcff37cae852c0
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_hppa.deb
      Size/MD5 checksum:  1574474 da9563f1c19e93d7f68caf369540af35

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_m68k.deb
      Size/MD5 checksum:  1422378 43efc6d431fc6d8c7587e18bd24fe8f2
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_m68k.deb
      Size/MD5 checksum:   282076 2d3fc00fe2260fb85062c0d8697f5a31
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_m68k.deb
      Size/MD5 checksum:   194600 ffe9f83876b5a9ac1c4527057e76f2a5
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_m68k.deb
      Size/MD5 checksum:  1246858 b9e8b7a88e11032e86697ca1570322f4

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mips.deb
      Size/MD5 checksum:  1615618 6075fa7c13fa8ca8f3dc7258be8352d7
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mips.deb
      Size/MD5 checksum:   304780 9f9632fc4b81f7091a3d06821188f8d1
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mips.deb
      Size/MD5 checksum:   213104 f006c9731d11e3a04dbeca5c3590a15f
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mips.deb
      Size/MD5 checksum:  1420708 45f88bb1c3af5021ecc06cce889cc752

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mipsel.deb
      Size/MD5 checksum:  1596150 3448b7e38f8cb465b10e24aff4cf0194
 
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mipsel.deb
      Size/MD5 checksum:   304294 eb86e3592b8d655e6365e3633784eed1
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mipsel.deb
      Size/MD5 checksum:   212736 27602ffe5022eaa068cb72d2df940d13
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mipsel.deb
      Size/MD5 checksum:  1404954 3e5de4a79c1b139c3b2f0ae179469be7

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_powerpc.deb
      Size/MD5 checksum:  1616730 f14611ce9d14d7dd4bdb68f944ff9d1b
    
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_powerpc.deb
      Size/MD5 checksum:   301440 2c0628a56ff3695877daf9f31dffc1ee
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_powerpc.deb
      Size/MD5 checksum:   208310 fce4f437ba8aaf2e258eaf322de1d070
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_powerpc.deb
      Size/MD5 checksum:  1417094 0d39172de87a53c1f048113606acaa01

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_s390.deb
      Size/MD5 checksum:  1573090 d6aa9760cfcf8e50085fbad1ac1c519a
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_s390.deb
      Size/MD5 checksum:   300270 17aee5bcac8c012541f30dc6fb594563
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_s390.deb
      Size/MD5 checksum:   203304 c6a7ea1eacb1d13748eaeeb54357b203
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_s390.deb
      Size/MD5 checksum:  1385758 d529f4ca3dd4c9275947beb24b462057

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_sparc.deb
      Size/MD5 checksum:  1580628 d29f917e447c05e878dc0d5133a6253e
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_sparc.deb
      Size/MD5 checksum:   317574 64bff1a09c7120f16d1ace0857b285d7
     http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_sparc.deb
      Size/MD5 checksum:   204094 1af2856d9cb07f3fb680a6891217b4b7
     http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_sparc.deb
      Size/MD5 checksum:  1387272 1b9ce45f55bdbf9ce990a058b0318c12


---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.