Bug 64253 - (CVE-2005-0084) VUL-0: CVE-2005-0084: ethereal
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
All Linux
: P3 - Medium : Normal
Assigned To: Security Team bot
CVE-2005-0084: CVSS v2 Base Score: 7....
Reported: 2004-12-15 17:51 UTC by Ludwig Nussel
Modified: 2021-11-09 14:48 UTC (History)
Description Ludwig Nussel 2004-12-15 17:51:08 UTC
We received the following report via vendor-sec.
The issue is public.

*sigh* sounds like DoS only issues. I suppose we can ignore them for
now and consider fixing them if something bigger shows up.

Date: Tue, 14 Dec 2004 17:26:03 -0600
From: Gerald Combs <gerald@ethereal.com>
To: vendor-sec@lst.de
Subject: [vendor-sec] Upcoming Ethereal release (0.10.8) fixes several vulnerabilities

Ethereal 0.10.8 is scheduled to be released tomorrow (December 15).  It
will address the following issues:

  Matthew Bing discovered a bug in DICOM dissection that could make
  Ethereal crash.
  Versions affected: 0.10.4 - 0.10.7
  Revision fixed: 12504

  An invalid RTP timestamp could make Ethereal hang and create a large
  temporary file, possibly filling available disk space.
  Versions affected: 0.9.16 - 0.10.7
  Revision fixed: 12656

  The HTTP dissector could access previously-freed memory, causing
  a crash.
  Versions affected: 0.10.1 - 0.10.7
  Revision fixed: 12640 & 12668

  Brian Caswell discovered that an improperly formatted SMB packet
  could make Ethereal hang, maximizing CPU utilization.
  Versions affected: 0.9.0 - 0.10.7
  Revision fixed: 12706


Ethereal's SVN repository can be browsed online at

    http://anonsvn.ethereal.com/viewcvs/viewcvs.py/

Information on checking out the source code directly can be found at

    http://www.ethereal.com/development.html#source
_______________________________________________
Vendor Security mailing list
Vendor Security@lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec
Comment 1 Ludwig Nussel 2004-12-15 17:51:51 UTC
* This comment was added by mail.
Date: Wed, 15 Dec 2004 08:43:26 +0000 (GMT)
From: Mark J Cox <mjc@redhat.com>
To: Gerald Combs <gerald@ethereal.com>
Cc: vendor-sec@lst.de, rvokal@redhat.com
Subject: Re: [vendor-sec] Upcoming Ethereal release (0.10.8) fixes several
 vulnerabilities

Hope there is still time for you to use the following CVE names in your 
announcement:


CAN-2004-1139


CAN-2004-1140


CAN-2004-1141


CAN-2004-1142

Comment 2 Ludwig Nussel 2004-12-15 17:53:17 UTC
* This comment was added by mail.
*grmbl* stupid mail interface strips quotes.

Date: Wed, 15 Dec 2004 08:43:26 +0000 (GMT)
From: Mark J Cox <mjc@redhat.com>
To: Gerald Combs <gerald@ethereal.com>
Cc: vendor-sec@lst.de, rvokal@redhat.com
Subject: Re: [vendor-sec] Upcoming Ethereal release (0.10.8) fixes several
 vulnerabilities

Hope there is still time for you to use the following CVE names in your 
announcement:

| Matthew Bing discovered a bug in DICOM dissection that could make
| Ethereal crash.
| Versions affected: 0.10.4 - 0.10.7
| Revision fixed: 12504

CAN-2004-1139

| An invalid RTP timestamp could make Ethereal hang and create a large
| temporary file, possibly filling available disk space.
| Versions affected: 0.9.16 - 0.10.7
| Revision fixed: 12656

CAN-2004-1140

| The HTTP dissector could access previously-freed memory, causing
| a crash.
| Versions affected: 0.10.1 - 0.10.7
| Revision fixed: 12640 & 12668

CAN-2004-1141

| Brian Caswell discovered that an improperly formatted SMB packet
| could make Ethereal hang, maximizing CPU utilization.
| Versions affected: 0.9.0 - 0.10.7
| Revision fixed: 12706

CAN-2004-1142

Comment 3 Marcus Meissner 2005-01-20 18:30:52 UTC
Ethereal 0.10.9 is scheduled to be released tomorrow (January 18).  It           
will address the following issues:                                               
                                                                                 
  The COPS dissector could go into an infinite loop.                             
  Versions affected: 0.10.6 - 0.10.8                                             
  Fixed in revision: 13075                                                       
                                                                                 
  The DLSw dissector could cause an assertion, making Ethereal exit              
  prematurely.                                                                   
  Versions affected: 0.10.6 - 0.10.8                                             
  Fixed in revision: 13012                                                       
                                                                                 
  The DNP dissector could cause memory corruption.                               
  Versions affected: 0.10.5 - 0.10.8                                             
  Fixed in revision: 13083                                                       
                                                                                 
  The Gnutella dissector could cause an assertion, making Ethereal exit
  prematurely.                                                                   
  Versions affected: 0.10.6 - 0.10.8                                             
  Fixed in revision: 13032                                                       
                                                                                 
  The MMSE dissector could free statically-allocated memory.                     
  Versions affected: 0.10.4 - 0.10.8                                             
  Fixed in revision: 12801                                                       
                                                                                 
  The X11 dissector is vulnerable to a string buffer overflow.                   
  Versions affected: 0.8.10 - 0.10.8                                             
  Fixed in revision: 13057                                                       
                                                                                 
                                                                                 
Ethereal's SVN repository can be browsed online at                               
                                                                                 
    http://anonsvn.ethereal.com/viewcvs/viewcvs.py/                              
                                                                                 
Information on obtaining the source code can be found at                         
                                                                                 
    http://www.ethereal.com/development.html#source                              
                                                                                 
ETA on the official release of 0.10.9 is Wednesday, January 19 at 3:00           
PM CST (21:00 UTC).  Notification will be made via the ethereal-announce         
mailing list and the web site.             
Comment 4 Marcus Meissner 2005-01-20 18:31:04 UTC
All different flaw types looking at the patches, therefore one cve name          
per issue:                                                                       
                                                                                 
>Ethereal 0.10.9 is scheduled to be released tomorrow (January 18).  It          
>will address the following issues:                                              
>                                                                                
> The COPS dissector could go into an infinite loop.                             
> Versions affected: 0.10.6 - 0.10.8                                             
> Fixed in revision: 13075                                                       
                                                                                 
CAN-2005-0006                                                                    
                                                                                 
> The DLSw dissector could cause an assertion, making Ethereal exit              
> prematurely.                                                                   
> Versions affected: 0.10.6 - 0.10.8                                             
> Fixed in revision: 13012                                                       
                                                                                 
CAN-2005-0007                                                                    
                                                                                 
> The DNP dissector could cause memory corruption.                               
> Versions affected: 0.10.5 - 0.10.8                                             
> Fixed in revision: 13083                                                       
                                                                                 
CAN-2005-0008                                                                    
                                                                                 
> The Gnutella dissector could cause an assertion, making Ethereal exit
> prematurely.                                                                   
> Versions affected: 0.10.6 - 0.10.8                                             
> Fixed in revision: 13032                                                       
                                                                                 
CAN-2005-0009                                                                    
                                                                                 
> The MMSE dissector could free statically-allocated memory.                     
> Versions affected: 0.10.4 - 0.10.8                                             
> Fixed in revision: 12801                                                       
                                                                                 
CAN-2005-0010                                                                    
                                                                                 
> The X11 dissector is vulnerable to a string buffer overflow.                   
> Versions affected: 0.8.10 - 0.10.8                                             
> Fixed in revision: 13057                                                       
                                                                                 
CAN-2005-0084                                                                    
Comment 5 Marcus Meissner 2005-01-20 18:31:18 UTC
From: Gerald Combs <gerald@ethereal.com>                                         
To: vendor-sec@lst.de                                                            
Subject: [vendor-sec] Re: Upcoming Ethereal release (0.10.9) fixes several       
+vulnerabilities                                                                 
                                                                                 
I wrote:                                                                         
                                                                                 
> ETA on the official release of 0.10.9 is Wednesday, January 19 at 3:00         
> PM CST (21:00 UTC).  Notification will be made via the ethereal-announce       
> mailing list and the web site.                                                 
                                                                                 
The ETA has been moved back 24 hours to Thursday, January 20 at 3:00 PM          
CST (21:00 UTC) in order to allow updates to be made to the H.450
dissector.  My apologies for the late notice.                                    
                                                                                 
As always,                                                                       
Comment 6 Petr Ostadal 2005-01-20 20:39:28 UTC
What is the status of this bug? Do I have to make a security update for all distros?
Comment 7 Marcus Meissner 2005-01-20 20:41:08 UTC
yes please create updates for all distros. 
Comment 8 Thomas Biege 2005-01-21 17:28:11 UTC
From: Gerald Combs <gerald@ethereal.com> 
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) 
To: Martin Schulze <joey@infodrom.org> 
Cc: vendor-sec@lst.de 
Subject: [vendor-sec] Re: Upcoming Ethereal release (0.10.9) fixes several 
vulnerabilities 
Errors-To: vendor-sec-admin@lst.de 
Date: Thu, 20 Jan 2005 09:11:19 -0600 
 
Martin Schulze wrote: 
 
> Any reason why %s=%d becomes %s%u instead of %s=%u? 
> 
> -               if (c) 
> -                   bp += sprintf(bp, " %s=%d", modifiers[m], c); 
> +               if (c) { 
> +                   proto_item_append_text(tikc, "%s%u", sep, c); 
> +                   sep = ", "; 
> +               } 
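
Review bot: The added proto_item_append_text(tikc, "%s%u", sep, c) call no longer passes modifiers[m], so the modifier name and the "=" that the removed sprintf line printed are both gone and each entry is reduced to a separator followed by a bare number. If the name is still meant to be shown, pass it explicitly, for example "%s%s=%u" with sep, modifiers[m], c. The initial value of sep is not visible in this hunk; it needs to start as an empty string so the first entry carries no leading ", ". Dropping the unbounded bp += sprintf(bp, ...) write is the right direction, since nothing in the removed lines checks how much room is left behind bp.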
 
It's a typo, and was fixed in revision 13058: 
 
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/epan/dissectors/packet-x11.c 
 
You may want to include revision 13059 as well.  It handles invalid 
keycodes more gracefully. 
Comment 9 Petr Ostadal 2005-01-21 23:48:49 UTC
I fixed and submitted ethereal package for all distros:

Changelog for 9.2-x86_64,9.2-i386:

- fixed security bugs in DICOM, HTTP, SMB, COPS, DLSw, DNP, Gnutella, MMSE,
  X11 dissectors and invalid RTP timestamp [#49253]
  (CAN-2004-1139, CAN-2004-1140, CAN-2004-1141, CAN-2005-0006, CAN-2005-0007,
   CAN-2005-0008, CAN-2005-0009, CAN-2005-0010, CAN-2005-0084, CAN-2004-1142)

Changelog for
sles9-i386,sles9-ia64,sles9-ppc,les9-s390,sles9-s390x,sles9-x86_64,sles8-ppc,sles8-s390,sles8-s390x,8.1-i386,8.2-i386,9.0-i386,9.0-x86_64,9.1-i386,9.1-x86_64,ul1-i386,ul1-ia64,ul1-x86_64:

- fixed security bugs in HTTP, SMB, X11 dissectors and invalid RTP timestamp
[#49253]
  (CAN-2004-1140, CAN-2004-1141, CAN-2005-0084, CAN-2004-1142)
Comment 10 Petr Ostadal 2005-01-21 23:49:49 UTC
Sorry, I will submit it in a moment.
Comment 11 Petr Ostadal 2005-01-22 00:16:25 UTC
submitted
Comment 12 Thomas Biege 2005-01-27 01:00:28 UTC
SM-Tracker - 232 
Comment 13 Thomas Biege 2005-01-27 01:03:55 UTC
`/work/src/done/PATCHINFO/patchinfo.ethereal' 
`/work/src/done/PATCHINFO/patchinfo-box.ethereal' 
Comment 14 Marcus Meissner 2005-02-03 15:33:07 UTC
updated packages released. 
Comment 15 Thomas Biege 2009-10-13 20:54:22 UTC
CVE-2005-0084: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)