Bugzilla – Attachment 13088 Details for
Bug 42347
several security problems in Ethereal 0.9.12
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
patchinfo
patchinfo.ethereal3 (text/plain), 987 bytes, created by
Thomas Biege
on 2003-07-14 15:43:57 UTC
(
hide
)
Description:
patchinfo
Filename:
MIME Type:
Creator:
Thomas Biege
Created:
2003-07-14 15:43:57 UTC
Size:
987 bytes
patch
obsolete
>DISTRIBUTION: sles7-i386,7.0-s390,sles8-ppc,sles8-s390,sles8-s390x,ul1-i386,ul1-ia64,ul1-x86_64 >PACKAGE: ethereal >PACKAGER: postadal@suse.cz >PRESCRIPT: >POSTSCRIPT: >CD-Produkt-Name: >CD-Produkt-Version: >REQUIRES: >CATEGORY: security >INDICATIONS: Everyone using ethereal in an untrusted environment should update. >CONTRAINDICATIONS: >PRE: >POST: >DESCRIPTION: >Variuos security related bugs in ethereal were found. These bugs can be used to >crash ethereal or to execute arbitrary code. The following list explains the bugs: > * The DCERPC dissector could try to allocate too much memory while trying to > decode an NDR string. > * Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI dissector. > * The SPNEGO dissector could segfault while parsing an invalid ASN.1 value. > * The tvb_get_nstringz0() routine incorrectly handled a zero-length buffer size. > * The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI dissectors > handled strings improperly. >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=13088">View the attachment on a separate page</a>.</b>
Actions:
View
Attachments on
bug 42347
: 13088 |
13089