Vulnerability Bulletins |
Buffer overflow in the Ethereal OSPF dissector |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Attacker requirements | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | Ethereal <= 0.10.13 |
Description |
|
A vulnerability has been discovered in Ethereal 0.10.13 and earlier versions. It is a buffer overflow in the "dissect_ospf_v3_address_prefix" function of the OSPF protocol dissector. A remote attacker could cause a denial of service or execute arbitrary code by means of specially crafted packets. |
|
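The bulletin does not show the affected code. The following added example (not Ethereal's code, and not part of the original bulletin) illustrates the length validation a dissector needs when it copies an OSPFv3 address prefix, whose length in bits is taken from the packet and which the OSPFv3 specification encodes in whole 32-bit words, into a fixed 16-byte IPv6 address buffer. The function name, status codes and sample bytes are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IPV6_ADDR_LEN 16 /* fixed-size destination: one IPv6 address */

enum prefix_status { PREFIX_OK = 0, PREFIX_BAD_LENGTH = -1, PREFIX_TRUNCATED = -2 };

/*
 * Hypothetical helper: copy an OSPFv3 address prefix into a 16-byte buffer.
 * prefix_bits is read from the packet (one byte, 0..255), so it is untrusted.
 * The prefix occupies whole 32-bit words: ((prefix_bits + 31) / 32) * 4 bytes,
 * which exceeds 16 bytes for any value above 128 (up to 32 bytes for 255).
 */
int parse_ospf_v3_prefix(const uint8_t *pkt, size_t pkt_len, size_t offset,
                         uint8_t prefix_bits, uint8_t out[IPV6_ADDR_LEN],
                         size_t *consumed)
{
    size_t nbytes = (((size_t)prefix_bits + 31) / 32) * 4;

    if (prefix_bits > 128)              /* longer than any IPv6 address */
        return PREFIX_BAD_LENGTH;
    if (offset > pkt_len || nbytes > pkt_len - offset)
        return PREFIX_TRUNCATED;        /* prefix would run past the packet */

    memset(out, 0, IPV6_ADDR_LEN);      /* bytes beyond the prefix stay zero */
    memcpy(out, pkt + offset, nbytes);  /* nbytes <= 16 at this point */
    *consumed = nbytes;
    return PREFIX_OK;
}

int main(void)
{
    /* Constructed sample: 2001:db8::/32 followed by unrelated bytes. */
    const uint8_t pkt[] = { 0x20, 0x01, 0x0d, 0xb8, 0xaa, 0xbb, 0xcc, 0xdd };
    uint8_t addr[IPV6_ADDR_LEN];
    size_t used = 0;

    printf("/32  -> %d\n", parse_ospf_v3_prefix(pkt, sizeof pkt, 0, 32, addr, &used));
    printf("/255 -> %d\n", parse_ospf_v3_prefix(pkt, sizeof pkt, 0, 255, addr, &used));
    printf("/128 -> %d\n", parse_ospf_v3_prefix(pkt, sizeof pkt, 0, 128, addr, &used));
    return 0;
}
```

Both checks are needed: the first bounds the copy by the destination size, the second by the bytes actually present in the captured packet.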
Solution |
|
Software update

Ethereal
Source code patch: http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-ospf.c?rev=16507&view=markup
Ethereal 0.10.14: http://www.ethereal.com/download.html#releases

Debian
Debian Linux 3.0 (version 0.9.4-1woody14)
Source: ethereal_0.9.4-1woody14.dsc, ethereal_0.9.4-1woody14.diff.gz, ethereal_0.9.4.orig.tar.gz
Binary packages (ethereal, ethereal-common, ethereal-dev, tethereal) for: Alpha, ARM, Intel IA-32, Intel IA-64, HP Precision, Motorola 680x0, Big endian MIPS, Little endian MIPS, PowerPC, IBM S/390, Sun Sparc
Debian Linux 3.1 (version 0.10.10-2sarge4)
Source: ethereal_0.10.10-2sarge4.dsc, ethereal_0.10.10-2sarge4.diff.gz, ethereal_0.10.10.orig.tar.gz
Binary packages (ethereal, ethereal-common, ethereal-dev, tethereal) for: Alpha, AMD64, ARM, Intel IA-32, Intel IA-64, HP Precision, Motorola 680x0, Big endian MIPS, Little endian MIPS, PowerPC, IBM S/390, Sun Sparc
All Debian files are under http://security.debian.org/pool/updates/main/e/ethereal/

Mandriva Linux
Mandrivalinux 2006 (version 0.10.14-0.1.20060mdk)
x86 packages (ethereal, ethereal-tools, libethereal0, tethereal; i586): ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/
x86 source: ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/ethereal-0.10.14-0.1.20060mdk.src.rpm
X86_64 packages (ethereal, ethereal-tools, lib64ethereal0, tethereal): ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/
X86_64 source: ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/ethereal-0.10.14-0.1.20060mdk.src.rpm

Red Hat
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
https://rhn.redhat.com/

SGI
Advanced Linux Environment 3 / RPM / Patch 10265: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10265: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Suse Linux
Updates can be downloaded through YAST or from the official Suse Linux FTP server |
|
Standard identifiers |
|
Property | Value |
CVE | CVE-2005-3651 |
BID | 15794 |
Additional resources |
|
Ethereal (packet-ospf.c): http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-ospf.c
iDefense Security Advisory (12.09.05): http://www.idefense.com/application/poi/display?id=349&type=vulnerabilities&flashstatus=true
Debian Security Advisory (DSA 920-1): http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00321.html
Ethereal Security Advisory enpa-sa-00022: http://www.ethereal.com/appnotes/enpa-sa-00022.html
Mandriva Security Advisory MDKSA-2006:002: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:002
Red Hat Security Advisory (RHSA-2006:0156-6): https://rhn.redhat.com/errata/RHSA-2006-0156.html
SGI Security Advisory (20060201-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060201-01.U.asc
SUSE Security Advisory (SUSE-SR:2006:004): http://www.novell.com/linux/security/advisories/2006_04_sr.html |
Version history |
|
Version | Comment | Date |
1.0 | Advisory issued | 2005-12-13 |
1.1 | Ethereal 0.10.14 released | 2006-01-03 |
1.2 | Advisory issued by Mandriva (MDKSA-2006:002) | 2006-01-04 |
1.3 | Advisory issued by Red Hat (RHSA-2006:0156-6) | 2006-01-12 |
1.4 | Advisory issued by SGI (20060201-01-U) | 2006-02-20 |
1.5 | Advisory issued by Suse (SUSE-SR:2006:004) | 2006-03-01 |