Bug 42347 (suse27347)

Summary: several security problems in Ethereal 0.9.12
Product: [Novell Products] SUSE Security Incidents
Reporter: Petr Ostadal <postadal>
Component: Incidents
Assignee: Thomas Biege <thomas>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: lmuelle, security-team
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2003-0432: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:NVD:CVE-2003-0428:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: patchinfo, putonftp

Description Petr Ostadal 2003-06-12 21:49:14 UTC
http://www.ethereal.com/appnotes/enpa-sa-00010.html

Description:

Further source code auditing by Timo Sirainen has turned up several string
handling flaws in various protocol dissectors. Separate security problems were
discovered by other people:

    * The DCERPC dissector could try to allocate too much memory while trying to decode an NDR string.
    * Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI dissector.
    * The SPNEGO dissector could segfault while parsing an invalid ASN.1 value.
    * The tvb_get_nstringz0() routine incorrectly handled a zero-length buffer size.
    * The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI dissectors handled strings improperly.

Impact:

It may be possible to make Ethereal crash or run arbitrary code by injecting a
purposefully malformed packet onto the wire, or by convincing someone to read a
malformed packet trace file.
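The fourth item in the advisory's list, a string-copy helper mishandling a zero-length destination buffer, is the kind of edge case that is easy to get wrong in a dissector. The block below is an added illustration, not Ethereal's tvb_get_nstringz0() or any other code from the project: the `packet_buf` type, the hypothetical `get_nstringz0` routine, the `check_case` harness and the packet bytes are all constructed here. It shows a bounded copy that never writes past `bufsize` bytes, always NUL-terminates when there is room, refuses to write anything when `bufsize` is zero (where a naive `bufsize - 1` limit would wrap around), and never reads beyond the end of the packet.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for a captured packet: a byte array plus its length.
 * Illustrative type only, not Ethereal's tvbuff. */
typedef struct {
    const unsigned char *data;
    size_t len;
} packet_buf;

/*
 * get_nstringz0 (hypothetical; not Ethereal's tvb_get_nstringz0):
 * copy a NUL-terminated string starting at pkt->data[offset] into dst,
 * which has room for bufsize bytes. Invariants a safe bounded copy keeps:
 *   - never write more than bufsize bytes to dst, terminator included;
 *   - when bufsize > 0, dst is NUL-terminated on return;
 *   - when bufsize == 0 there is no room even for the terminator, so
 *     nothing is written (this is the zero-length edge case);
 *   - never read past the end of the packet.
 * Returns the number of string bytes stored (terminator excluded), or -1
 * if offset lies outside the packet. *truncated is set when the copy
 * stopped because dst was full while the string continued.
 */
int get_nstringz0(const packet_buf *pkt, size_t offset, size_t bufsize,
                  char *dst, int *truncated)
{
    if (truncated) *truncated = 0;
    if (bufsize == 0) return 0;                 /* no room at all: write nothing */
    if (offset > pkt->len) { dst[0] = '\0'; return -1; }

    size_t avail = pkt->len - offset;           /* bytes left in the packet */
    size_t limit = bufsize - 1;                 /* keep one byte for the NUL */
    size_t n = 0;
    while (n < avail && n < limit && pkt->data[offset + n] != '\0') {
        dst[n] = (char)pkt->data[offset + n];
        n++;
    }
    dst[n] = '\0';
    if (truncated && n == limit && n < avail && pkt->data[offset + n] != '\0')
        *truncated = 1;
    return (int)n;
}

/* Runs one case against a constructed packet and checks every observable:
 * return value, bytes left in dst and the truncation flag. Returns 1 on match. */
int check_case(size_t offset, size_t bufsize,
               const char *want_dst, int want_ret, int want_trunc)
{
    /* Constructed packet bytes: "abc", a NUL, then "def" with no terminator. */
    static const unsigned char bytes[] = { 'a', 'b', 'c', 0, 'd', 'e', 'f' };
    const packet_buf pkt = { bytes, sizeof bytes };
    char dst[16];
    memset(dst, 'X', sizeof dst);               /* sentinel: detects stray writes */
    int trunc = -1;
    int ret = get_nstringz0(&pkt, offset, bufsize, dst, &trunc);
    if (ret != want_ret || trunc != want_trunc) return 0;
    if (bufsize == 0) return dst[0] == 'X';     /* nothing may have been written */
    return strcmp(dst, want_dst) == 0;
}

int main(void)
{
    printf("whole string:    %d\n", check_case(0, 8, "abc", 3, 0));
    printf("zero-length buf: %d\n", check_case(0, 0, "", 0, 0));
    printf("tight buffer:    %d\n", check_case(0, 2, "a", 1, 1));
    printf("unterminated:    %d\n", check_case(4, 8, "def", 3, 0));
    printf("bad offset:      %d\n", check_case(10, 8, "", -1, 0));
    return 0;
}
```

The sentinel fill in `check_case` is what makes the zero-length case observable: if the routine wrote even a single terminator byte into a buffer it was told has no room, the check fails.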
Comment 1 Olaf Kirch 2003-06-20 16:34:04 UTC
It looks like we need to create an update for this.
Petr, can you do this, please?
Comment 2 Petr Ostadal 2003-06-20 16:48:06 UTC
Yes, I'm working on it, but the backport for all the old versions will take me some time ;(...
Comment 3 Olaf Kirch 2003-06-20 16:53:27 UTC
Sure, no problem. Just wanted to make sure we are on the same page :)
Comment 5 Lars Müller 2003-06-24 17:46:24 UTC
And if possible please add the CAN ids to the changelog.
Comment 6 Petr Ostadal 2003-07-12 03:06:19 UTC
Fixed, now I'm waiting for p&p from Thomas.
Comment 7 Thomas Biege 2003-07-14 15:43:57 UTC
Created attachment 13088
patchinfo
Comment 8 Thomas Biege 2003-07-14 15:48:46 UTC
Created attachment 13089
putonftp
Comment 9 Thomas Biege 2003-07-14 15:53:31 UTC
Is this package tested enough to bypass QA testing?
Comment 10 Petr Ostadal 2003-07-14 19:08:57 UTC
I tested it, but I think more protocols need to be tested than I did.
Comment 11 Petr Ostadal 2003-07-15 17:27:42 UTC
Fixed packages and patchinfo were submitted.
Comment 12 Thomas Biege 2003-07-15 20:20:29 UTC
I think I will approve it w/o further testing.
Comment 13 Petr Ostadal 2003-07-19 01:05:01 UTC
Ok
Comment 14 Thomas Biege 2003-07-21 20:27:34 UTC
So, I was thinking wrong. It needs testing. QA is informed.
Comment 15 Lars Müller 2003-08-07 17:21:44 UTC
Is the package from SuSE Linux 8.0 not affected? I didn't find a fixed version
in the SuSE Linux 8.0 update tree of euklid.
Comment 16 Petr Ostadal 2003-08-07 17:52:57 UTC
The fix is on the way...
Comment 17 Thomas Biege 2003-08-11 17:40:14 UTC
approved 
Comment 18 Thomas Biege 2003-08-11 17:56:32 UTC
approved 
Comment 19 Thomas Biege 2009-10-13 19:35:13 UTC
CVE-2003-0432: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)