Bug 42347 (suse27347) - several security problems in Ethereal 0.9.12
Summary: several security problems in Ethereal 0.9.12
Status: RESOLVED FIXED
Alias: suse27347
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium Severity: Major
Target Milestone: ---
Assignee: Thomas Biege
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2003-0432: CVSS v2 Base Score: 10...
Keywords:
Depends on:
Blocks:
 
Reported: 2003-06-12 21:49 UTC by Petr Ostadal
Modified: 2021-09-25 14:32 UTC
CC List: 2 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
patchinfo (987 bytes, text/plain)
2003-07-14 15:43 UTC, Thomas Biege
putonftp (304 bytes, text/plain)
2003-07-14 15:48 UTC, Thomas Biege

Description Petr Ostadal 2003-06-12 21:49:14 UTC
http://www.ethereal.com/appnotes/enpa-sa-00010.html

Description:

Further source code auditing by Timo Sirainen has turned up several string
handling flaws in various protocol dissectors. Separate security problems were
discovered by other people:

    * The DCERPC dissector could try to allocate too much memory while trying to decode an NDR string.
    * Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI dissector.
    * The SPNEGO dissector could segfault while parsing an invalid ASN.1 value.
    * The tvb_get_nstringz0() routine incorrectly handled a zero-length buffer size.
    * The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI dissectors handled strings improperly.

Impact:

It may be possible to make Ethereal crash or run arbitrary code by injecting a
purposefully malformed packet onto the wire, or by convincing someone to read a
malformed packet trace file.
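The advisory quoted above names three length-handling defect classes in packet dissectors: an attacker-controlled count driving an allocation (the DCERPC/NDR item), an out-of-range prefix length overflowing a fixed-size address (the OSI item), and a string-copy routine that mishandles a zero-length output buffer (the tvb_get_nstringz0() item). The block below is an added example written for this page, not Ethereal's code: it shows a hardened reader for each class over a small, constructed packet buffer. The pkt_t type and the pkt_get_* functions are hypothetical stand-ins for a dissector's buffer API, and sample_bytes is constructed sample input, not a real capture.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Minimal packet view, constructed for this example; it stands in for a
 * dissector's buffer abstraction and is not Ethereal's tvbuff API. */
typedef struct {
    const uint8_t *data;
    size_t len;
} pkt_t;

/* Copy a NUL-terminated string starting at `off` into `out` (size `outsize`),
 * always NUL-terminating. outsize == 0 is handled before any "outsize - 1"
 * arithmetic, so nothing is ever written in that case. Returns packet bytes
 * consumed (terminator included if reached), or -1 if `off` is outside the
 * packet. */
int pkt_get_stringz(const pkt_t *p, size_t off, char *out, size_t outsize)
{
    if (off > p->len)
        return -1;
    if (outsize == 0)
        return 0;
    size_t avail = p->len - off;
    size_t n = 0;
    while (n < avail && n < outsize - 1 && p->data[off + n] != '\0') {
        out[n] = (char)p->data[off + n];
        n++;
    }
    out[n] = '\0';
    /* Count the terminator only if it was actually present in the packet. */
    if (n < avail && p->data[off + n] == '\0')
        return (int)n + 1;
    return (int)n;
}

/* Decode an IPv4 prefix: `prefix_len` bits carried in ceil(prefix_len/8)
 * bytes. Reject prefix_len > 32 first, so the byte count can never exceed the
 * 4-byte destination, then check the packet actually holds those bytes. */
int pkt_get_ipv4_prefix(const pkt_t *p, size_t off, unsigned prefix_len,
                        uint8_t addr[4])
{
    if (prefix_len > 32)
        return -1;
    size_t nbytes = (prefix_len + 7) / 8;
    if (off > p->len || p->len - off < nbytes)
        return -1;
    memset(addr, 0, 4);
    memcpy(addr, p->data + off, nbytes);
    return (int)nbytes;
}

/* Read a counted string: 32-bit little-endian byte count, then that many
 * bytes. The count is validated against the bytes remaining in the packet
 * before malloc, so a hostile count cannot drive an oversized allocation.
 * Returns a heap copy the caller frees, or NULL on any inconsistency. */
char *pkt_get_counted_string(const pkt_t *p, size_t off, size_t *consumed)
{
    if (off > p->len || p->len - off < 4)
        return NULL;
    const uint8_t *b = p->data + off;
    uint32_t count = (uint32_t)b[0] | ((uint32_t)b[1] << 8)
                   | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
    size_t remaining = p->len - off - 4;
    if (count > remaining)
        return NULL;
    char *s = malloc((size_t)count + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, b + 4, count);
    s[count] = '\0';
    if (consumed != NULL)
        *consumed = 4 + (size_t)count;
    return s;
}

/* Constructed sample bytes (not a real capture): "abc\0", three prefix bytes
 * for 192.168.1.0/24, a counted string "hi", then a bogus 0xFFFFFFFF count. */
static const uint8_t sample_bytes[] = {
    'a', 'b', 'c', '\0',
    0xC0, 0xA8, 0x01,
    0x02, 0x00, 0x00, 0x00, 'h', 'i',
    0xFF, 0xFF, 0xFF, 0xFF
};

pkt_t sample_packet(void)
{
    pkt_t p = { sample_bytes, sizeof sample_bytes };
    return p;
}

int main(void)
{
    pkt_t p = sample_packet();
    char buf[8];
    uint8_t addr[4];
    size_t used = 0;

    printf("stringz: consumed %d -> \"%s\"\n", pkt_get_stringz(&p, 0, buf, sizeof buf), buf);
    printf("zero-size buffer: consumed %d\n", pkt_get_stringz(&p, 0, buf, 0));
    printf("prefix /24: %d bytes\n", pkt_get_ipv4_prefix(&p, 4, 24, addr));
    printf("prefix /33: %d (rejected)\n", pkt_get_ipv4_prefix(&p, 4, 33, addr));
    char *s = pkt_get_counted_string(&p, 7, &used);
    printf("counted: \"%s\" (%zu bytes)\n", s ? s : "(null)", used);
    free(s);
    printf("bogus count: %s\n", pkt_get_counted_string(&p, 13, NULL) ? "accepted" : "rejected");
    return 0;
}
```

The common design point is that every length, whether it comes from the packet (the count), from a protocol field (the prefix length) or from the caller (the output buffer size), is checked against the bytes that actually exist before any write or allocation, and the zero-length case is an explicit early return rather than an edge that the arithmetic has to survive.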
Comment 1 Olaf Kirch 2003-06-20 16:34:04 UTC
It looks like we need to create an update for this.
Petr, can you do this, please?
Comment 2 Petr Ostadal 2003-06-20 16:48:06 UTC
Yes, I'm working on it, but the backport for all old versions will take me some time ;(...
Comment 3 Olaf Kirch 2003-06-20 16:53:27 UTC
Sure, no problem. Just wanted to make sure we are on the same page :)
Comment 5 Lars Müller 2003-06-24 17:46:24 UTC
And if possible please add the CAN ids to the changelog.
Comment 6 Petr Ostadal 2003-07-12 03:06:19 UTC
Fixed, now I'm waiting for p&p from Thomas
Comment 7 Thomas Biege 2003-07-14 15:43:57 UTC
Created attachment 13088
patchinfo
Comment 8 Thomas Biege 2003-07-14 15:48:46 UTC
Created attachment 13089
putonftp
Comment 9 Thomas Biege 2003-07-14 15:53:31 UTC
Is this package tested enough to bypass QA testing?
Comment 10 Petr Ostadal 2003-07-14 19:08:57 UTC
I tested it, but I think it needs testing with more protocols than I did.
Comment 11 Petr Ostadal 2003-07-15 17:27:42 UTC
Fixed packages and patchinfo were submitted.
Comment 12 Thomas Biege 2003-07-15 20:20:29 UTC
I think I will approve it w/o further testing. 
Comment 13 Petr Ostadal 2003-07-19 01:05:01 UTC
Ok
Comment 14 Thomas Biege 2003-07-21 20:27:34 UTC
So, I was thinking wrong. It needs testing. QA is informed.
Comment 15 Lars Müller 2003-08-07 17:21:44 UTC
Is the package from SuSE Linux 8.0 not affected? I didn't find a fixed version
in the SuSE Linux 8.0 update tree of euklid.
Comment 16 Petr Ostadal 2003-08-07 17:52:57 UTC
The fix is on the way...
Comment 17 Thomas Biege 2003-08-11 17:40:14 UTC
approved 
Comment 18 Thomas Biege 2003-08-11 17:56:32 UTC
approved 
Comment 19 Thomas Biege 2009-10-13 19:35:13 UTC
CVE-2003-0432: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)