Bugzilla – Bug 64253
VUL-0: CVE-2005-0084: ethereal
Last modified: 2021-11-09 14:48:11 UTC
We received the following report via vendor-sec. The issue is public. *sigh* sounds like DoS only issues. I suppose we can ignore them for now and consider fixing them if something bigger shows up.

Date: Tue, 14 Dec 2004 17:26:03 -0600
From: Gerald Combs <gerald@ethereal.com>
To: vendor-sec@lst.de
Subject: [vendor-sec] Upcoming Ethereal release (0.10.8) fixes several vulnerabilities

Ethereal 0.10.8 is scheduled to be released tomorrow (December 15). It will address the following issues:

Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash.
Versions affected: 0.10.4 - 0.10.7
Revision fixed: 12504

An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space.
Versions affected: 0.9.16 - 0.10.7
Revision fixed: 12656

The HTTP dissector could access previously-freed memory, causing a crash.
Versions affected: 0.10.1 - 0.10.7
Revision fixed: 12640 & 12668

Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization.
Versions affected: 0.9.0 - 0.10.7
Revision fixed: 12706

Ethereal's SVN repository can be browsed online at http://anonsvn.ethereal.com/viewcvs/viewcvs.py/

Information on checking out the source code directly can be found at http://www.ethereal.com/development.html#source

_______________________________________________
Vendor Security mailing list
Vendor Security@lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec
* This comment was added by mail.

Date: Wed, 15 Dec 2004 08:43:26 +0000 (GMT)
From: Mark J Cox <mjc@redhat.com>
To: Gerald Combs <gerald@ethereal.com>
Cc: vendor-sec@lst.de, rvokal@redhat.com
Subject: Re: [vendor-sec] Upcoming Ethereal release (0.10.8) fixes several vulnerabilities

Hope there is still time for you to use the following CVE names in your announcement:

CAN-2004-1139
CAN-2004-1140
CAN-2004-1141
CAN-2004-1142
* This comment was added by mail.

*grmbl* stupid mail interface strips quotes.

Date: Wed, 15 Dec 2004 08:43:26 +0000 (GMT)
From: Mark J Cox <mjc@redhat.com>
To: Gerald Combs <gerald@ethereal.com>
Cc: vendor-sec@lst.de, rvokal@redhat.com
Subject: Re: [vendor-sec] Upcoming Ethereal release (0.10.8) fixes several vulnerabilities

Hope there is still time for you to use the following CVE names in your announcement:

| Matthew Bing discovered a bug in DICOM dissection that could make
| Ethereal crash.
| Versions affected: 0.10.4 - 0.10.7
| Revision fixed: 12504

CAN-2004-1139

| An invalid RTP timestamp could make Ethereal hang and create a large
| temporary file, possibly filling available disk space.
| Versions affected: 0.9.16 - 0.10.7
| Revision fixed: 12656

CAN-2004-1140

| The HTTP dissector could access previously-freed memory, causing
| a crash.
| Versions affected: 0.10.1 - 0.10.7
| Revision fixed: 12640 & 12668

CAN-2004-1141

| Brian Caswell discovered that an improperly formatted SMB packet
| could make Ethereal hang, maximizing CPU utilization.
| Versions affected: 0.9.0 - 0.10.7
| Revision fixed: 12706

CAN-2004-1142
Ethereal 0.10.9 is scheduled to be released tomorrow (January 18). It will address the following issues:

The COPS dissector could go into an infinite loop.
Versions affected: 0.10.6 - 0.10.8
Fixed in revision: 13075

The DLSw dissector could cause an assertion, making Ethereal exit prematurely.
Versions affected: 0.10.6 - 0.10.8
Fixed in revision: 13012

The DNP dissector could cause memory corruption.
Versions affected: 0.10.5 - 0.10.8
Fixed in revision: 13083

The Gnutella dissector could cause an assertion, making Ethereal exit prematurely.
Versions affected: 0.10.6 - 0.10.8
Fixed in revision: 13032

The MMSE dissector could free statically-allocated memory.
Versions affected: 0.10.4 - 0.10.8
Fixed in revision: 12801

The X11 dissector is vulnerable to a string buffer overflow.
Versions affected: 0.8.10 - 0.10.8
Fixed in revision: 13057

Ethereal's SVN repository can be browsed online at http://anonsvn.ethereal.com/viewcvs/viewcvs.py/

Information on obtaining the source code can be found at http://www.ethereal.com/development.html#source

ETA on the official release of 0.10.9 is Wednesday, January 19 at 3:00 PM CST (21:00 UTC). Notification will be made via the ethereal-announce mailing list and the web site.
All different flaw types looking at the patches, therefore one cve name per issue:

>Ethereal 0.10.9 is scheduled to be released tomorrow (January 18). It
>will address the following issues:
>
> The COPS dissector could go into an infinite loop.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13075

CAN-2005-0006

> The DLSw dissector could cause an assertion, making Ethereal exit
> prematurely.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13012

CAN-2005-0007

> The DNP dissector could cause memory corruption.
> Versions affected: 0.10.5 - 0.10.8
> Fixed in revision: 13083

CAN-2005-0008

> The Gnutella dissector could cause an assertion, making Ethereal exit
> prematurely.
> Versions affected: 0.10.6 - 0.10.8
> Fixed in revision: 13032

CAN-2005-0009

> The MMSE dissector could free statically-allocated memory.
> Versions affected: 0.10.4 - 0.10.8
> Fixed in revision: 12801

CAN-2005-0010

> The X11 dissector is vulnerable to a string buffer overflow.
> Versions affected: 0.8.10 - 0.10.8
> Fixed in revision: 13057

CAN-2005-0084
From: Gerald Combs <gerald@ethereal.com>
To: vendor-sec@lst.de
Subject: [vendor-sec] Re: Upcoming Ethereal release (0.10.9) fixes several vulnerabilities

I wrote:

> ETA on the official release of 0.10.9 is Wednesday, January 19 at 3:00
> PM CST (21:00 UTC). Notification will be made via the ethereal-announce
> mailing list and the web site.

The ETA has been moved back 24 hours to Thursday, January 20 at 3:00 PM CST (21:00 UTC) in order to allow updates to be made to the H.450 dissector. My apologies for the late notice.

As always,
What is the status of this bug? Do I have to make a security update for all distros?
Yes, please create updates for all distros.
From: Gerald Combs <gerald@ethereal.com> User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) To: Martin Schulze <joey@infodrom.org> Cc: vendor-sec@lst.de Subject: [vendor-sec] Re: Upcoming Ethereal release (0.10.9) fixes several vulnerabilities Errors-To: vendor-sec-admin@lst.de Date: Thu, 20 Jan 2005 09:11:19 -0600 Martin Schulze wrote: > Any reason why %s=%d becomes %s%u instead of %s=%u? > > - if (c) > - bp += sprintf(bp, " %s=%d", modifiers[m], c); > + if (c) { > + proto_item_append_text(tikc, "%s%u", sep, c); > + sep = ", "; > + } It's a typo, and was fixed in revision 13058: http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-x11.c You may want to include revision 13059 as well. It handles invalid keycodes more gracefully. _______________________________________________ Vendor Security mailing list Vendor Security@lst.de https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec
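Review bot: in the added proto_item_append_text(tikc, "%s%u", sep, c) call the only %s is consumed by sep, so the modifier name that the removed sprintf printed from modifiers[m], and the "=" after it, no longer reach the output and each entry is reduced to a bare number. If the label is meant to stay, the format needs a second string conversion, for example "%s%s=%u" with sep, modifiers[m], c as arguments. The switch from %d to %u is only right if c is an unsigned type, which these lines do not show.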
I fixed and submitted the ethereal package for all distros:

Changelog for 9.2-x86_64,9.2-i386:
- fixed security bugs in DICOM, HTTP, SMB, COPS, DLSw, DNP, Gnutella, MMSE, X11 dissectors and invalid RTP timestamp [#49253] (CAN-2004-1139, CAN-2004-1140, CAN-2004-1141, CAN-2005-0006, CAN-2005-0007, CAN-2005-0008, CAN-2005-0009, CAN-2005-0010, CAN-2005-0084, CAN-2004-1142)

Changelog for sles9-i386,sles9-ia64,sles9-ppc,les9-s390,sles9-s390x,sles9-x86_64,sles8-ppc,sles8-s390,sles8-s390x,8.1-i386,8.2-i386,9.0-i386,9.0-x86_64,9.1-i386,9.1-x86_64,ul1-i386,ul1-ia64,ul1-x86_64:
- fixed security bugs in HTTP, SMB, X11 dissectors and invalid RTP timestamp [#49253] (CAN-2004-1140, CAN-2004-1141, CAN-2005-0084, CAN-2004-1142)
Sorry, I will submit it in a moment.
submitted
SM-Tracker - 232
`/work/src/done/PATCHINFO/patchinfo.ethereal' `/work/src/done/PATCHINFO/patchinfo-box.ethereal'
updated packages released.
CVE-2005-0084: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)