Boletines de Vulnerabilidades |
Múltiples vulnerabilidades de desbordamiento de búfer en Ethereal |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Obtener acceso |
Dificultad | Principiante |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | GNU/Linux |
Software afectado | Ethereal 0.8.14 - 0.10.2 |
Descripción |
|
Se han descubierto múltiples vulnerabilidades (13) de desbordamiento de búfer en las versiones comprendidas entre la 0.8.14 y la 0.10.2 de Ethereal. La explotación de estas vulnerabilidades, en su mayoría, podría permitir a un atacante remoto la ejecución remota de código mediante el envío de paquetes especialmente diseñados a un entorno dónde se este utilizando ethereal o bien conseguir que la víctima cargue un archivo de captura de paquetes especialmente diseñado con ethereal. Los protocolos soportados por ethereal que se ven involucrados en las vulnerabilidades son los siguientes: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP y TCAP. |
|
Solución |
|
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software Ethereal Ethereal 0.10.3 http://www.ethereal.com/ Mandrake Linux Mandrake Linux 9.1 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/9.1/RPMS/ethereal-0.10.3-0.1.91mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.1/SRPMS/ethereal-0.10.3-0.1.91mdk.src.rpm PPC ftp://ftp.rediris.es/mirror/mandrake/updates/ppc/9.1/RPMS/ethereal-0.10.3-0.1.91mdk.ppc.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/ppc/9.1/SRPMS/ethereal-0.10.3-0.1.91mdk.src.rpm Mandrake Linux 9.2 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/9.2/RPMS/ethereal-0.10.3-0.1.92mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.2/SRPMS/ethereal-0.10.3-0.1.92mdk.src.rpm AMD64 ftp://ftp.rediris.es/mirror/mandrake/updates/amd64/9.2/RPMS/ethereal-0.10.3-0.1.92mdk.amd64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/amd64/9.2/SRPMS/ethereal-0.10.3-0.1.92mdk.src.rpm RedHat Linux RedHat Linux 9 SRPMS ftp://updates.redhat.com/9/en/os/SRPMS/ethereal-0.10.3-0.90.1.src.rpm i386 ftp://updates.redhat.com/9/en/os/i386/ethereal-0.10.3-0.90.1.i386.rpm ftp://updates.redhat.com/9/en/os/i386/ethereal-gnome-0.10.3-0.90.1.i386.rpm Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7.dsc http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7.diff.gz http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_alpha.deb ARM http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_ia64.deb HP Precision http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_sparc.deb |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CAN-2004-0176 |
BID | |
Recursos adicionales |
|
e-matters Security Advisory 03-2004 http://security.e-matters.de/advisories/032004.html Ethereal Security Advisory enpa-sa-00013 http://www.ethereal.com/appnotes/enpa-sa-00013.html Mandrake Security Advisory MDKSA-2004:024 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:024 RedHat Security Advisory RHSA-2004:137-07 https://rhn.redhat.com/errata/RHSA-2004-137.html Debian Security Advisory DSA 511-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00111.html |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2004-03-24 |
1.1 | Exploit público para esta vulnerabilidad | 2004-03-30 |
1.2 | Aviso emitido por Mandrake | 2004-03-31 |
1.3 | Aviso emitido por RedHat | 2004-04-01 |
1.4 | Aviso emitido por Debian (DSA 511-1) | 2004-06-01 |