Vulnerability Bulletins

int(708)

Vulnerability Bulletins

Múltiples vulnerabilidades de desbordamiento de búfer en Ethereal
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Principiante
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	Ethereal 0.8.14 - 0.10.2
Description
Se han descubierto múltiples vulnerabilidades (13) de desbordamiento de búfer en las versiones comprendidas entre la 0.8.14 y la 0.10.2 de Ethereal. La explotación de estas vulnerabilidades, en su mayoría, podría permitir a un atacante remoto la ejecución remota de código mediante el envío de paquetes especialmente diseñados a un entorno dónde se este utilizando ethereal o bien conseguir que la víctima cargue un archivo de captura de paquetes especialmente diseñado con ethereal. Los protocolos soportados por ethereal que se ven involucrados en las vulnerabilidades son los siguientes: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP y TCAP.
Solution
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software Ethereal Ethereal 0.10.3 http://www.ethereal.com/ Mandrake Linux Mandrake Linux 9.1 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/9.1/RPMS/ethereal-0.10.3-0.1.91mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.1/SRPMS/ethereal-0.10.3-0.1.91mdk.src.rpm PPC ftp://ftp.rediris.es/mirror/mandrake/updates/ppc/9.1/RPMS/ethereal-0.10.3-0.1.91mdk.ppc.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/ppc/9.1/SRPMS/ethereal-0.10.3-0.1.91mdk.src.rpm Mandrake Linux 9.2 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/9.2/RPMS/ethereal-0.10.3-0.1.92mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.2/SRPMS/ethereal-0.10.3-0.1.92mdk.src.rpm AMD64 ftp://ftp.rediris.es/mirror/mandrake/updates/amd64/9.2/RPMS/ethereal-0.10.3-0.1.92mdk.amd64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/amd64/9.2/SRPMS/ethereal-0.10.3-0.1.92mdk.src.rpm RedHat Linux RedHat Linux 9 SRPMS ftp://updates.redhat.com/9/en/os/SRPMS/ethereal-0.10.3-0.90.1.src.rpm i386 ftp://updates.redhat.com/9/en/os/i386/ethereal-0.10.3-0.90.1.i386.rpm ftp://updates.redhat.com/9/en/os/i386/ethereal-gnome-0.10.3-0.90.1.i386.rpm Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7.dsc http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7.diff.gz http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_alpha.deb ARM http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_ia64.deb HP Precision http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_sparc.deb
Standar resources
Property	Value
CVE	CAN-2004-0176
BID
Other resources
e-matters Security Advisory 03-2004 http://security.e-matters.de/advisories/032004.html Ethereal Security Advisory enpa-sa-00013 http://www.ethereal.com/appnotes/enpa-sa-00013.html Mandrake Security Advisory MDKSA-2004:024 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:024 RedHat Security Advisory RHSA-2004:137-07 https://rhn.redhat.com/errata/RHSA-2004-137.html Debian Security Advisory DSA 511-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00111.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-03-24
1.1	Exploit público para esta vulnerabilidad	2004-03-30
1.2	Aviso emitido por Mandrake	2004-03-31
1.3	Aviso emitido por RedHat	2004-04-01
1.4	Aviso emitido por Debian (DSA 511-1)	2004-06-01

Vulnerability Bulletins

Múltiples vulnerabilidades de desbordamiento de búfer en Ethereal

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history