int(1442)

Vulnerability Bulletins


Desbordamientos de búfer remotos en ethereal

Vulnerability classification

Property Value
Confidence level Oficial
Impact Obtener acceso
Dificulty Principiante
Required attacker level Acceso remoto sin cuenta a un servicio exotico

System information

Property Value
Affected manufacturer GNU/Linux
Affected software Ethereal <=0.10.9

Description

Se han descubierto múltiples vulnerabilidades de desbordamiento de búfer en la versión 0.10.9 y anteriores de Ethereal. Las vulnerabilidades residen en las funciones dissect_a11_radius() y dissect_a11_radius() localizadas en packet-3g-a11.c y utilizadas para el parseo de paquetes de autenticación RADIUS.

La explotación de estas vulnerabilidades podría permitir a un atacante remoto ejecutar código arbitrario mediante el envío de paquetes de autenticación RADIUS especialmente diseñados.

Solution

You can either use the update engine of your operating system, or download the sources and compile them yourself.


Actualización de software

Ethereal
Ethereal 0.10.10
http://www.ethereal.com/download.html

Mandrake Linux

Mandrakelinux 10.0
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/ethereal-0.10.10-0.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/ethereal-0.10.10-0.1.100mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/ethereal-0.10.10-0.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/ethereal-0.10.10-0.1.100mdk.src.rpm

Mandrakelinux 10.1
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ethereal-0.10.10-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/ethereal-tools-0.10.10-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libethereal0-0.10.10-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/tethereal-0.10.10-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/ethereal-0.10.10-0.1.101mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ethereal-0.10.10-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/ethereal-tools-0.10.10-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64ethereal0-0.10.10-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/tethereal-0.10.10-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/ethereal-0.10.10-0.1.101mdk.src.rpm

Red Hat Linux
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 Itanium Processor
https://rhn.redhat.com/

Standar resources

Property Value
CVE CAN-2005-0699
BID 12759

Other resources

Ethereal Security Advisory enpa-sa-00018
http://www.ethereal.com/appnotes/enpa-sa-00018.html

LSS Security Advisory #LSS-2005-03-04
http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04

Mandrakesoft Security Advisories MDKSA-2005:053
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:053

Red Hat Security Advisory RHSA-2005:306-10
https://rhn.redhat.com/errata/RHSA-2005-306.html

Version history

Version Comments Date
1.0 Aviso emitido 2005-03-09
1.1 Publicado Ethereal 0.10.10 2005-03-14
2.0 Exploit público disponible 2005-03-15
2.1 Aviso emitido por Mandrake (MDKSA-2005:053) 2005-03-16
2.2 Aviso emitido por Red Hat (RHSA-2005:306-10) 2005-03-21
Ministerio de Defensa
CNI
CCN
CCN-CERT