Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2005-0084: ethereal | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Ludwig Nussel <lnussel> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P3 - Medium | CC: | security-team |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | CVE-2005-0084: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

Description
Ludwig Nussel
2004-12-15 17:51:08 UTC
* This comment was added by mail.

Date: Wed, 15 Dec 2004 08:43:26 +0000 (GMT)
From: Mark J Cox <mjc@redhat.com>
To: Gerald Combs <gerald@ethereal.com>
Cc: vendor-sec@lst.de, rvokal@redhat.com
Subject: Re: [vendor-sec] Upcoming Ethereal release (0.10.8) fixes several vulnerabilities

Hope there is still time for you to use the following CVE names in your announcement:

CAN-2004-1139
CAN-2004-1140
CAN-2004-1141
CAN-2004-1142

_______________________________________________
Vendor Security mailing list
Vendor Security@lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec

* This comment was added by mail.

*grmbl* stupid mail interface strips quotes.

Date: Wed, 15 Dec 2004 08:43:26 +0000 (GMT)
From: Mark J Cox <mjc@redhat.com>
To: Gerald Combs <gerald@ethereal.com>
Cc: vendor-sec@lst.de, rvokal@redhat.com
Subject: Re: [vendor-sec] Upcoming Ethereal release (0.10.8) fixes several vulnerabilities

Hope there is still time for you to use the following CVE names in your announcement:

| Matthew Bing discovered a bug in DICOM dissection that could make
| Ethereal crash.
| Versions affected: 0.10.4 - 0.10.7
| Revision fixed: 12504

CAN-2004-1139

| An invalid RTP timestamp could make Ethereal hang and create a large
| temporary file, possibly filling available disk space.
| Versions affected: 0.9.16 - 0.10.7
| Revision fixed: 12656

CAN-2004-1140

| The HTTP dissector could access previously-freed memory, causing
| a crash.
| Versions affected: 0.10.1 - 0.10.7
| Revision fixed: 12640 & 12668

CAN-2004-1141

| Brian Caswell discovered that an improperly formatted SMB packet
| could make Ethereal hang, maximizing CPU utilization.
| Versions affected: 0.9.0 - 0.10.7
| Revision fixed: 12706

CAN-2004-1142

Ethereal 0.10.9 is scheduled to be released tomorrow (January 18). It
will address the following issues:
The COPS dissector could go into an infinite loop.
Versions affected: 0.10.6 - 0.10.8
Fixed in revision: 13075
The DLSw dissector could cause an assertion, making Ethereal exit
prematurely.
Versions affected: 0.10.6 - 0.10.8
Fixed in revision: 13012
The DNP dissector could cause memory corruption.
Versions affected: 0.10.5 - 0.10.8
Fixed in revision: 13083
The Gnutella dissector could cause an assertion, making Ethereal exit
prematurely.
Versions affected: 0.10.6 - 0.10.8
Fixed in revision: 13032
The MMSE dissector could free statically-allocated memory.
Versions affected: 0.10.4 - 0.10.8
Fixed in revision: 12801
The X11 dissector is vulnerable to a string buffer overflow.
Versions affected: 0.8.10 - 0.10.8
Fixed in revision: 13057
Ethereal's SVN repository can be browsed online at
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/
Information on obtaining the source code can be found at
http://www.ethereal.com/development.html#source
ETA on the official release of 0.10.9 is Wednesday, January 19 at 3:00
PM CST (21:00 UTC). Notification will be made via the ethereal-announce
mailing list and the web site.
All different flaw types looking at the patches, therefore one cve name
per issue:
>Ethereal 0.10.9 is scheduled to be released tomorrow (January 18). It
>will address the following issues:
>
> The COPS dissector could go into an infinite loop.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13075
CAN-2005-0006
> The DLSw dissector could cause an assertion, making Ethereal exit
> prematurely.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13012
CAN-2005-0007
> The DNP dissector could cause memory corruption.
> Versions affected: 0.10.5 - 0.10.8
> Fixed in revision: 13083
CAN-2005-0008
> The Gnutella dissector could cause an assertion, making Ethereal exit
> prematurely.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13032
CAN-2005-0009
> The MMSE dissector could free statically-allocated memory.
> Versions affected: 0.10.4 - 0.10.8
> Fixed in revision: 12801
CAN-2005-0010
> The X11 dissector is vulnerable to a string buffer overflow.
> Versions affected: 0.8.10 - 0.10.8
> Fixed in revision: 13057
CAN-2005-0084
From: Gerald Combs <gerald@ethereal.com>
To: vendor-sec@lst.de
Subject: [vendor-sec] Re: Upcoming Ethereal release (0.10.9) fixes several vulnerabilities

I wrote:
> ETA on the official release of 0.10.9 is Wednesday, January 19 at 3:00
> PM CST (21:00 UTC). Notification will be made via the ethereal-announce
> mailing list and the web site.

The ETA has been moved back 24 hours to Thursday, January 20 at 3:00 PM CST (21:00 UTC) in order to allow updates to be made to the H.450 dissector. My apologies for the late notice. As always,

What is the status of this bug? Do I have to make a security update for all distros?

yes please create updates for all distros.

From: Gerald Combs <gerald@ethereal.com>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
To: Martin Schulze <joey@infodrom.org>
Cc: vendor-sec@lst.de
Subject: [vendor-sec] Re: Upcoming Ethereal release (0.10.9) fixes several vulnerabilities
Errors-To: vendor-sec-admin@lst.de
Date: Thu, 20 Jan 2005 09:11:19 -0600

Martin Schulze wrote:
> Any reason why %s=%d becomes %s%u instead of %s=%u?
>
> - if (c) > - bp += sprintf(bp, " %s=%d", modifiers[m], c); > + if (c) { > + proto_item_append_text(tikc, "%s%u", sep, c); > + sep = ", "; > + }

It's a typo, and was fixed in revision 13058:
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-x11.c

You may want to include revision 13059 as well. It handles invalid keycodes more gracefully.
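
Review bot: in the added `proto_item_append_text(tikc, "%s%u", sep, c);` line the `%s` is now filled by `sep`, so besides the missing `=` the modifier name `modifiers[m]` that the removed `sprintf` printed is no longer part of the output. If the name is not appended to `tikc` somewhere outside the quoted lines, restore it, for example with a `"%s%s=%u"` format taking `sep, modifiers[m], c`. Replacing the unbounded `bp += sprintf(bp, ...)` with `proto_item_append_text` removes the caller-managed buffer, so it is worth confirming that no other `sprintf(bp, ...)` writes remain in the same function.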
I fixed and submitted ethereal package for all distros:

Changelog for 9.2-x86_64,9.2-i386:
- fixed security bugs in DICOM, HTTP, SMB, COPS, DLSw, DNP, Gnutella, MMSE, X11 dissectors and invalid RTP timestamp [#49253] (CAN-2004-1139, CAN-2004-1140, CAN-2004-1141, CAN-2005-0006, CAN-2005-0007, CAN-2005-0008, CAN-2005-0009, CAN-2005-0010, CAN-2005-0084, CAN-2004-1142)

Changelog for sles9-i386,sles9-ia64,sles9-ppc,les9-s390,sles9-s390x,sles9-x86_64,sles8-ppc,sles8-s390,sles8-s390x,8.1-i386,8.2-i386,9.0-i386,9.0-x86_64,9.1-i386,9.1-x86_64,ul1-i386,ul1-ia64,ul1-x86_64:
- fixed security bugs in HTTP, SMB, X11 dissectors and invalid RTP timestamp [#49253] (CAN-2004-1140, CAN-2004-1141, CAN-2005-0084, CAN-2004-1142)

Sorry, I will submit it in a moment.

submitted

SM-Tracker - 232

`/work/src/done/PATCHINFO/patchinfo.ethereal'
`/work/src/done/PATCHINFO/patchinfo-box.ethereal'

updated packages released.

CVE-2005-0084: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)