Ethereal multiple dissectors buffer overflows

ethereal-multiple-dissectors-bo (15569)

High Risk

Description:

Ethereal is vulnerable to multiple buffer overflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, TCAP and UCP protocol dissectors. By sending a malformed packet or creating a malformed packet trace file, a remote attacker could overflow a buffer and cause Ethereal to crash or possibly execute code on the system.

Platforms Affected:

• Canonical, Ubuntu 4.10
• Conectiva, Linux 8.0
• Conectiva, Linux 9.0
• Debian, Debian Linux 3.0
• Ethereal, Ethereal 0.8.13 - 0.10.2
• Gentoo, Linux
• MandrakeSoft, Mandrake Linux 9.1 PPC
• MandrakeSoft, Mandrake Linux 9.1
• MandrakeSoft, Mandrake Linux 9.2
• MandrakeSoft, Mandrake Linux 9.2 AMD64
• OpenPKG, OpenPKG 1.3
• OpenPKG, OpenPKG 2.0
• OpenPKG, OpenPKG CURRENT
• RedHat, Enterprise Linux 2.1 WS
• RedHat, Enterprise Linux 2.1 AS
• RedHat, Enterprise Linux 2.1 ES
• RedHat, Enterprise Linux 3 WS
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 AS
• RedHat, Linux 9.0
• RedHat, Linux Advanced Workstation 2.1 Itanium
• SuSE, SuSE Linux 9.0
• SuSE, SuSE Linux 9.1
• SuSE, SuSE Linux Connectivity Server
• SuSE, SuSE Linux Database Server
• SuSE, SuSE Linux Enterprise Server 7.0
• SuSE, SuSE Linux Office Server

Remedy:

Upgrade to the latest version of Ethereal (0.10.3 or later), when it becomes available from the Ethereal Web site. See References.

For Gentoo Linux:
Upgrade to the latest version of ethereal (0.10.3 or later), as listed in GLSA 200403-07. See References.

For Conectiva Linux:
Upgrade to the latest ethereal package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2004:835 for more information. See References.

Conectiva Linux 8 and 9: 0.10.3-27097U90_2cl or later

For Red Hat Linux 9:
Upgrade to the latest ethereal package (0.10.3-0.90.1 or later), as listed in RHSA-2004:137-07. See References.

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest ethereal package (0.9.4-1woody7 or later), as listed in DSA-511-1. See References.

For OpenPKG:
Refer to OpenPKG Security Advisory OpenPKG-SA-2004.015 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

• CIAC Information Bulletin 0-105, Multiple Vulnerabilities in Ethereal 0.10.2 at http://www.ciac.org/ciac/bulletins/o-105.shtml.
• Conectiva Linux Security Announcement CLSA-2004:835, ethereal at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000835.
• e-matters Security Advisory 03/2004, Multiple (13) Ethereal remote overflows at http://packetstorm.linuxsecurity.com/0403-advisories/032004.txt.
• Ethereal Application Note enpa-sa-00013, Multiple security problems in Ethereal 0.10.2 at http://www.ethereal.com/appnotes/enpa-sa-00013.html.
• Ethereal Web site, The Ethereal Network Analyzer at http://www.ethereal.com/.
• GLSA 200403-07, Multiple remote overflows and vulnerabilities in Ethereal at http://www.linuxsecurity.com/content/view/105872/104/.
• SecuriTeam Mailing List, Security Holes & Exploits 30 Mar 2004, Ethereal EIGRP Dissector Buffer Overflow Exploit at http://www.securiteam.com/exploits/5EP0Y00CAE.html.
• BID-9952: Ethereal Multiple Vulnerabilities
• CVE-2004-0176: Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.
• DSA-511: ethereal -- buffer overflows
• GLSA-200403-07: Multiple remote overflows and vulnerabilities in Ethereal
• MDKSA-2004:024: Updated ethereal packages fix multiple vulnerabilities
• OpenPKG-SA-2004.015: ethereal
• OSVDB ID: 6893: Ethereal BGP Dissector MPLS Label Overflow
• RHSA-2004-136: ethereal security update
• RHSA-2004-137: Updated Ethereal packages fix security issues
• SA11185: Ethereal Multiple Vulnerabilities
• SUSE-SA:2004:012: mc: local privilege escalation
• US-CERT VU#119876: Ethereal contains multiple vulnerabilities in the EIGRP protocol dissector
• US-CERT VU#125156: Ethereal contains multiple vulnerabilities in the UCP protocol dissector
• US-CERT VU#433596: Ethereal integer underflow when parsing malformed PGM packets with NAK lists
• US-CERT VU#591820: Ethereal fails to properly decode Transaction IDs within TCAP packets
• US-CERT VU#644886: Ethereal fails to properly parse NetFlow UDP packets with an overly large template_entry count
• US-CERT VU#659140: Ethereal ISUP protocol dissector fails to properly decode ISUP packets
• US-CERT VU#740188: Ethereal IrDA dissector plugin fails to properly parse IRCOM_PORT_NAME parameter
• US-CERT VU#864884: Ethereal contains multiple vulnerabilities in the IGAP protocol dissector
• US-CERT VU#931588: Ethereal fails to properly decode BGP packets containing MPLS IPv6 labels
• USN-82-1: Linux kernel vulnerabilities

Reported:

Mar 22, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page