Vulnerability Bulletins |
Multiple vulnerabilities in ethereal |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Attacker requirements | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | ethereal <0.10.9 |
Description |
|
Multiple vulnerabilities have been discovered in versions of ethereal prior to 0.10.9. The vulnerabilities, found in the implementations of several protocols, are described below:
- CAN-2005-0006: A vulnerability in the COPS implementation could cause ethereal to enter an infinite loop.
- CAN-2005-0007: A vulnerability in the DLS implementation could cause ethereal to terminate prematurely.
- CAN-2005-0008: A vulnerability in the DNP implementation could cause memory corruption.
- CAN-2005-0009: A vulnerability in the Gnutella implementation could cause ethereal to terminate prematurely.
- CAN-2005-0010: A vulnerability in the MMSE implementation could cause ethereal to attempt to release static memory with free().
- CAN-2005-0084: A buffer overflow vulnerability in the X11 implementation.
Exploiting these vulnerabilities could allow a remote attacker to cause a denial of service in ethereal or to execute arbitrary code by sending specially crafted packets. |
|
Solution |
|
If you wish, apply your distribution's own update mechanisms, or download the software sources and compile them yourself.

Software update

Ethereal
  Ethereal 0.10.9
    http://www.ethereal.com/download.html

Debian Linux
  Debian Linux 3.0
    Source
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11.dsc
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11.diff.gz
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
    Alpha
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_alpha.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_alpha.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_alpha.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_alpha.deb
    ARM
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_arm.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_arm.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_arm.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_arm.deb
    Intel IA-32
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_i386.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_i386.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_i386.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_i386.deb
    Intel IA-64
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_ia64.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_ia64.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_ia64.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_ia64.deb
    HP Precision
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_hppa.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_hppa.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_hppa.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_hppa.deb
    Motorola 680x0
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_m68k.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_m68k.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_m68k.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_m68k.deb
    Big endian MIPS
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_mips.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_mips.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_mips.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_mips.deb
    Little endian MIPS
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_mipsel.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_mipsel.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_mipsel.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_mipsel.deb
    PowerPC
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_powerpc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_powerpc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_powerpc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_powerpc.deb
    IBM S/390
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_s390.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_s390.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_s390.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_s390.deb
    Sun Sparc
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_sparc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_sparc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_sparc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_sparc.deb

Mandrake Linux
  Mandrakelinux 10.0
    x86
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ethereal-0.10.9-0.1.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/ethereal-0.10.9-0.1.100mdk.src.rpm
    AMD64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ethereal-0.10.9-0.1.100mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/ethereal-0.10.9-0.1.100mdk.src.rpm
  Mandrakelinux 10.1
    x86
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ethereal-0.10.9-0.1.101mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ethereal-tools-0.10.9-0.1.101mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libethereal0-0.10.9-0.1.101mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/tethereal-0.10.9-0.1.101mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/ethereal-0.10.9-0.1.101mdk.src.rpm
    X86_64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ethereal-0.10.9-0.1.101mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ethereal-tools-0.10.9-0.1.101mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64ethereal0-0.10.9-0.1.101mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/tethereal-0.10.9-0.1.101mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/ethereal-0.10.9-0.1.101mdk.src.rpm

Red Hat Linux
  Red Hat Desktop (v. 3)
    SRPMS
      ethereal-0.10.9-1.EL3.1.src.rpm
    IA-32
      ethereal-0.10.9-1.EL3.1.i386.rpm
      ethereal-gnome-0.10.9-1.EL3.1.i386.rpm
    x86_64
      ethereal-0.10.9-1.EL3.1.x86_64.rpm
      ethereal-gnome-0.10.9-1.EL3.1.x86_64.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux AS (v. 2.1)
    SRPMS
      ethereal-0.10.9-1.AS21.1.src.rpm
    IA-32
      ethereal-0.10.9-1.AS21.1.i386.rpm
      ethereal-gnome-0.10.9-1.AS21.1.i386.rpm
    IA-64
      ethereal-0.10.9-1.AS21.1.ia64.rpm
      ethereal-gnome-0.10.9-1.AS21.1.ia64.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux AS (v. 3)
    SRPMS
      ethereal-0.10.9-1.EL3.1.src.rpm
    IA-32
      ethereal-0.10.9-1.EL3.1.i386.rpm
      ethereal-gnome-0.10.9-1.EL3.1.i386.rpm
    IA-64
      ethereal-0.10.9-1.EL3.1.ia64.rpm
      ethereal-gnome-0.10.9-1.EL3.1.ia64.rpm
    PPC
      ethereal-0.10.9-1.EL3.1.ppc.rpm
      ethereal-gnome-0.10.9-1.EL3.1.ppc.rpm
    s390
      ethereal-0.10.9-1.EL3.1.s390.rpm
      ethereal-gnome-0.10.9-1.EL3.1.s390.rpm
    s390x
      ethereal-0.10.9-1.EL3.1.s390x.rpm
      ethereal-gnome-0.10.9-1.EL3.1.s390x.rpm
    x86_64
      ethereal-0.10.9-1.EL3.1.x86_64.rpm
      ethereal-gnome-0.10.9-1.EL3.1.x86_64.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux ES (v. 2.1)
    SRPMS
      ethereal-0.10.9-1.AS21.1.src.rpm
    IA-32
      ethereal-0.10.9-1.AS21.1.i386.rpm
      ethereal-gnome-0.10.9-1.AS21.1.i386.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux ES (v. 3)
    SRPMS
      ethereal-0.10.9-1.EL3.1.src.rpm
    IA-32
      ethereal-0.10.9-1.EL3.1.i386.rpm
      ethereal-gnome-0.10.9-1.EL3.1.i386.rpm
    IA-64
      ethereal-0.10.9-1.EL3.1.ia64.rpm
      ethereal-gnome-0.10.9-1.EL3.1.ia64.rpm
    x86_64
      ethereal-0.10.9-1.EL3.1.x86_64.rpm
      ethereal-gnome-0.10.9-1.EL3.1.x86_64.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux WS (v. 2.1)
    SRPMS
      ethereal-0.10.9-1.AS21.1.src.rpm
    IA-32
      ethereal-0.10.9-1.AS21.1.i386.rpm
      ethereal-gnome-0.10.9-1.AS21.1.i386.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux WS (v. 3)
    SRPMS
      ethereal-0.10.9-1.EL3.1.src.rpm
    IA-32
      ethereal-0.10.9-1.EL3.1.i386.rpm
      ethereal-gnome-0.10.9-1.EL3.1.i386.rpm
    IA-64
      ethereal-0.10.9-1.EL3.1.ia64.rpm
      ethereal-gnome-0.10.9-1.EL3.1.ia64.rpm
    x86_64
      ethereal-0.10.9-1.EL3.1.x86_64.rpm
      ethereal-gnome-0.10.9-1.EL3.1.x86_64.rpm
    https://rhn.redhat.com/
  Red Hat Linux Advanced Workstation 2.1 Itanium Processor
    SRPMS
      ethereal-0.10.9-1.AS21.1.src.rpm
    IA-64
      ethereal-0.10.9-1.AS21.1.ia64.rpm
      ethereal-gnome-0.10.9-1.AS21.1.ia64.rpm
    https://rhn.redhat.com/

SUSE Linux
  SUSE Linux-based distributions - Update via YaST Online Update

Red Hat Linux
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 4)
    https://rhn.redhat.com/ |
|
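The bulletin gives the affected range as ethereal <0.10.9, but the Debian 3.0 fix listed above is a backport numbered 0.9.4-1woody11, so a check on the upstream version alone misreports patched Debian hosts. The following is an added example, not part of the original bulletin: it compares an installed package against the fixed build for its platform, using the versions listed in the Solution section. The platform labels, host names and installed versions are constructed, and the ordering is a simplified one (no epochs or `~`), not the full dpkg or rpm algorithm.

```python
import re

# Fixed package versions as listed in this bulletin's Solution section.
# The platform labels used as keys are this example's own naming.
FIXED = {
    "upstream": "0.10.9",
    "debian-3.0": "0.9.4-1woody11",
    "mandrake-10.0": "0.10.9-0.1.100mdk",
    "mandrake-10.1": "0.10.9-0.1.101mdk",
    "rhel-2.1": "0.10.9-1.AS21.1",
    "rhel-3": "0.10.9-1.EL3.1",
}

def _tokens(part):
    # Digit runs compare numerically and rank above letter runs.
    return [(1, int(t), "") if t.isdigit() else (0, 0, t)
            for t in re.findall(r"\d+|[A-Za-z]+", part)]

def version_key(version):
    # Simplified ordering: upstream version first, then package revision.
    upstream, _, revision = version.partition("-")
    return (_tokens(upstream), _tokens(revision))

def naive_is_patched(installed):
    # Literal reading of "ethereal <0.10.9": upstream version only.
    return version_key(installed)[0] >= version_key(FIXED["upstream"])[0]

def is_patched(platform, installed):
    # Compare against the fixed build published for that platform.
    return version_key(installed) >= version_key(FIXED[platform])

# Constructed inventory: host names and installed versions are made up.
INVENTORY = [
    ("sniffer-a", "debian-3.0", "0.9.4-1woody11"),
    ("sniffer-b", "debian-3.0", "0.9.4-1woody9"),
    ("sniffer-c", "rhel-3", "0.10.3-0.30E.1"),
    ("sniffer-d", "mandrake-10.1", "0.10.9-0.1.101mdk"),
]

def audit(inventory):
    # Returns (host, naive verdict, per-platform verdict) for each entry.
    return [(host, naive_is_patched(ver), is_patched(plat, ver))
            for host, plat, ver in inventory]

if __name__ == "__main__":
    for host, naive, actual in audit(INVENTORY):
        print(f"{host}: upstream-only={naive} per-platform={actual}")
```
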
Standard identifiers |
|
Property | Value |
CVE |
CAN-2005-0006 CAN-2005-0007 CAN-2005-0008 CAN-2005-0009 CAN-2005-0010 CAN-2005-0084 |
BID | |
Additional resources |
|
Ethereal 0.10.9 released - Thursday, January 20, 2005
http://www.ethereal.com/news/item_20050120_01.html
Debian Security Advisory DSA 653-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00031.html
Mandrakesoft Security Advisories MDKSA-2005:013
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:013
Red Hat Security Advisory RHSA-2005:011-11
https://rhn.redhat.com/errata/RHSA-2005-011.html
SUSE Security Summary Report SUSE-SR:2005:003
http://www.novell.com/linux/security/advisories/2005_03_sr.html
Red Hat Security Advisory RHSA-2005:037-11
https://rhn.redhat.com/errata/RHSA-2005-037.html |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2005-01-24 |
1.1 | Advisory issued by Mandrake (MDKSA-2005:013) | 2005-01-25 |
1.2 | Advisory issued by Red Hat (RHSA-2005:011-11) | 2005-02-03 |
1.3 | Advisory issued by SUSE (SUSE-SR:2005:003) | 2005-02-07 |
1.4 | Advisory issued by Red Hat (RHSA-2005:037-11) | 2005-02-16 |