LinuxSecurity.com
RedHat: Moderate: ethereal security update
Posted by Benjamin D. Thomas   
RedHat Linux Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: ethereal security update
Advisory ID:       RHSA-2005:306-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-306.html
Issue date:        2005-03-18
Updated on:        2005-03-18
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0699 CAN-2005-0704 CAN-2005-0705 CAN-2005-0739
---------------------------------------------------------------------

1. Summary:

Updated Ethereal packages that fix various security vulnerabilities are now
available.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The ethereal package is a program for monitoring network traffic.


A number of security flaws have been discovered in Ethereal.  On a system
where Ethereal is running, a remote attacker could send malicious packets
to trigger these flaws and cause Ethereal to crash or potentially execute
arbitrary code.

A buffer overflow flaw was discovered in the Etheric dissector.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0704 to this issue.

The GPRS-LLC dissector could crash if the "ignore cipher bit" option was
set. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0705 to this issue.

A buffer overflow flaw was discovered in the 3GPP2 A11 dissector.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0699 to this issue.

A buffer overflow flaw was discovered in the IAPP dissector.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0739 to this issue.

Users of ethereal should upgrade to these updated packages, which contain
version 0.10.10 and are not vulnerable to these issues.
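
An added example, not part of the Red Hat advisory: a host-inventory check that flags ethereal packages older than the fixed version 0.10.10, using rpm-style segment comparison instead of string comparison (which would rank 0.10.9 above 0.10.10). The function names and the sample inventory lines are constructed for illustration, and the comparison is a simplified reimplementation of rpm's ordering without epoch, '~' or '^' handling.

```python
import re

FIXED_VERSION = "0.10.10"                  # fixed version named in the advisory
AFFECTED = {"ethereal", "ethereal-gnome"}  # packages shipped by this erratum
_SEGMENTS = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm-style segment ordering (simplified)."""
    sa, sb = _SEGMENTS.findall(a), _SEGMENTS.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # numeric segment outranks alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def audit(rpm_q_lines):
    """Return the name-version-release strings of affected packages below FIXED_VERSION."""
    stale = []
    for line in rpm_q_lines:
        try:
            name, version, _release = line.strip().rsplit("-", 2)
        except ValueError:
            continue                           # e.g. "package ethereal is not installed"
        if name in AFFECTED and rpmvercmp(version, FIXED_VERSION) < 0:
            stale.append(line.strip())
    return stale


# Constructed sample inventory (not taken from the advisory), in the
# name-version-release form printed by `rpm -q ethereal ethereal-gnome`.
SAMPLE = [
    "ethereal-0.10.9-1.EL3.1",
    "ethereal-gnome-0.10.9-1.EL3.1",
    "ethereal-0.10.10-1.EL4.1",
    "ethereal-gnome-0.10.10-1.EL4.1",
    "tcpdump-3.8.2-7",
]

if __name__ == "__main__":
    for nvr in audit(SAMPLE):
        print("needs RHSA-2005:306 update:", nvr)
```

The check compares only the upstream version, because the advisory states that the updated packages contain version 0.10.10; the release suffix differs per product line.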

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

150705 - CAN-2005-0699 Multiple ethereal issues (CAN-2005-0704 CAN-2005-0705)

6. RPMs required:

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.ethereal.com/appnotes/enpa-sa-00018.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0739

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 