Vulnerability Bulletins |
Denial of service in ethereal |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Denial of Service |
Difficulty | Advanced |
Attacker requirements | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | ethereal |
Description |
|
A number of vulnerabilities have been discovered in Ethereal that could be exploited to crash the program. The vulnerabilities consist of incorrect filtering of various types of traffic. They could be used by an attacker who gets specially crafted packets to reach Ethereal, causing the program to crash. |
|
Solution |
|
Software update

Debian Linux (CAN-2004-1142)
  Debian Linux 3.0
    Source:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9.dsc
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9.diff.gz
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
    Alpha architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_alpha.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_alpha.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_alpha.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_alpha.deb
    ARM architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_arm.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_arm.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_arm.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_arm.deb
    Intel IA-32 architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_i386.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_i386.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_i386.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_i386.deb
    Intel IA-64 architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_ia64.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_ia64.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_ia64.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_ia64.deb
    HP Precision architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_hppa.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_hppa.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_hppa.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_hppa.deb
    Motorola 680x0 architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_m68k.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_m68k.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_m68k.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_m68k.deb
    Big endian MIPS architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_mips.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_mips.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_mips.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_mips.deb
    Little endian MIPS architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_mipsel.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_mipsel.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_mipsel.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_mipsel.deb
    PowerPC architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_powerpc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_powerpc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_powerpc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_powerpc.deb
    IBM S/390 architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_s390.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_s390.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_s390.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_s390.deb
    Sun Sparc architecture:
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_sparc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_sparc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_sparc.deb
      http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_sparc.deb

Mandrake Linux
  Mandrake Linux 10.0
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/10.0/RPMS/ethereal-0.10.8-0.1.100mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/10.0/SRPMS/ethereal-0.10.8-0.1.100mdk.src.rpm
  Mandrake Linux 10.0/AMD64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/amd64/10.0/RPMS/ethereal-0.10.8-0.1.100mdk.amd64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/amd64/10.0/SRPMS/ethereal-0.10.8-0.1.100mdk.src.rpm
  Mandrake Linux 10.1
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/10.1/RPMS/ethereal-0.10.8-0.1.101mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/10.1/RPMS/ethereal-tools-0.10.8-0.1.101mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/10.1/RPMS/libethereal0-0.10.8-0.1.101mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/10.1/RPMS/tethereal-0.10.8-0.1.101mdk.i586.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/10.1/SRPMS/ethereal-0.10.8-0.1.101mdk.src.rpm
  Mandrake Linux 10.1/X86_64
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/x86_64/10.1/RPMS/ethereal-0.10.8-0.1.101mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/x86_64/10.1/RPMS/ethereal-tools-0.10.8-0.1.101mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/x86_64/10.1/RPMS/lib64ethereal0-0.10.8-0.1.101mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/x86_64/10.1/RPMS/tethereal-0.10.8-0.1.101mdk.x86_64.rpm
    ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/x86_64/10.1/SRPMS/ethereal-0.10.8-0.1.101mdk.src.rpm

Red Hat Linux
  Red Hat Desktop (v. 3)
    SRPMS: ethereal-0.10.9-1.EL3.1.src.rpm
    IA-32: ethereal-0.10.9-1.EL3.1.i386.rpm ethereal-gnome-0.10.9-1.EL3.1.i386.rpm
    x86_64: ethereal-0.10.9-1.EL3.1.x86_64.rpm ethereal-gnome-0.10.9-1.EL3.1.x86_64.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux AS (v. 2.1)
    SRPMS: ethereal-0.10.9-1.AS21.1.src.rpm
    IA-32: ethereal-0.10.9-1.AS21.1.i386.rpm ethereal-gnome-0.10.9-1.AS21.1.i386.rpm
    IA-64: ethereal-0.10.9-1.AS21.1.ia64.rpm ethereal-gnome-0.10.9-1.AS21.1.ia64.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux AS (v. 3)
    SRPMS: ethereal-0.10.9-1.EL3.1.src.rpm
    IA-32: ethereal-0.10.9-1.EL3.1.i386.rpm ethereal-gnome-0.10.9-1.EL3.1.i386.rpm
    IA-64: ethereal-0.10.9-1.EL3.1.ia64.rpm ethereal-gnome-0.10.9-1.EL3.1.ia64.rpm
    PPC: ethereal-0.10.9-1.EL3.1.ppc.rpm ethereal-gnome-0.10.9-1.EL3.1.ppc.rpm
    s390: ethereal-0.10.9-1.EL3.1.s390.rpm ethereal-gnome-0.10.9-1.EL3.1.s390.rpm
    s390x: ethereal-0.10.9-1.EL3.1.s390x.rpm ethereal-gnome-0.10.9-1.EL3.1.s390x.rpm
    x86_64: ethereal-0.10.9-1.EL3.1.x86_64.rpm ethereal-gnome-0.10.9-1.EL3.1.x86_64.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux ES (v. 2.1)
    SRPMS: ethereal-0.10.9-1.AS21.1.src.rpm
    IA-32: ethereal-0.10.9-1.AS21.1.i386.rpm ethereal-gnome-0.10.9-1.AS21.1.i386.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux ES (v. 3)
    SRPMS: ethereal-0.10.9-1.EL3.1.src.rpm
    IA-32: ethereal-0.10.9-1.EL3.1.i386.rpm ethereal-gnome-0.10.9-1.EL3.1.i386.rpm
    IA-64: ethereal-0.10.9-1.EL3.1.ia64.rpm ethereal-gnome-0.10.9-1.EL3.1.ia64.rpm
    x86_64: ethereal-0.10.9-1.EL3.1.x86_64.rpm ethereal-gnome-0.10.9-1.EL3.1.x86_64.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux WS (v. 2.1)
    SRPMS: ethereal-0.10.9-1.AS21.1.src.rpm
    IA-32: ethereal-0.10.9-1.AS21.1.i386.rpm ethereal-gnome-0.10.9-1.AS21.1.i386.rpm
    https://rhn.redhat.com/
  Red Hat Enterprise Linux WS (v. 3)
    SRPMS: ethereal-0.10.9-1.EL3.1.src.rpm
    IA-32: ethereal-0.10.9-1.EL3.1.i386.rpm ethereal-gnome-0.10.9-1.EL3.1.i386.rpm
    IA-64: ethereal-0.10.9-1.EL3.1.ia64.rpm ethereal-gnome-0.10.9-1.EL3.1.ia64.rpm
    x86_64: ethereal-0.10.9-1.EL3.1.x86_64.rpm ethereal-gnome-0.10.9-1.EL3.1.x86_64.rpm
    https://rhn.redhat.com/
  Red Hat Linux Advanced Workstation 2.1 Itanium Processor
    SRPMS: ethereal-0.10.9-1.AS21.1.src.rpm
    IA-64: ethereal-0.10.9-1.AS21.1.ia64.rpm ethereal-gnome-0.10.9-1.AS21.1.ia64.rpm
    https://rhn.redhat.com/

SUSE Linux
  SUSE Linux-based distributions - Update via YaST Online Update

Red Hat Linux
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 4)
  https://rhn.redhat.com/ |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2004-1139 CAN-2004-1140 CAN-2004-1141 CAN-2004-1142 |
BID | |
Additional resources |
|
Mandrakesoft Security Advisory MDKSA-2004:152
  http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:152
Debian Security Advisory DSA 613
  http://www.debian.org/security/2004/dsa-613
Red Hat Security Advisory RHSA-2005:011-11
  https://rhn.redhat.com/errata/RHSA-2005-011.html
SUSE Security Summary Report SUSE-SR:2005:003
  http://www.novell.com/linux/security/advisories/2005_03_sr.html
Red Hat Security Advisory RHSA-2005:037-11
  https://rhn.redhat.com/errata/RHSA-2005-037.html |
Version history |
|
Version | Comment | Date |
1.0 | Advisory issued | 2004-12-21 |
1.1 | Advisory issued by Red Hat (RHSA-2005:011-11) | 2005-02-03 |
1.2 | Advisory issued by SUSE (SUSE-SR:2005:003) | 2005-02-07 |
1.3 | Advisory issued by Red Hat (RHSA-2005:037-11) | 2005-02-16 |