Bug 57820 - (CVE-2004-0635) VUL-0: CVE-2004-0635: ethereal: security bugs, possible code execution
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: All Linux
Importance: P3 - Medium, Major
Assigned To: Ludwig Nussel
QA Contact: Security Team bot
Reported: 2004-07-07 22:25 UTC by Ludwig Nussel
Modified: 2021-09-27 09:02 UTC


Attachments
ethereal-smb-fix.diff (2.05 KB, patch)
2004-07-07 22:27 UTC, Ludwig Nussel
ethereal-snmp-fix.diff (994 bytes, patch)
2004-07-07 22:28 UTC, Ludwig Nussel
ethereal-isns-fix.diff (868 bytes, patch)
2004-07-07 22:28 UTC, Ludwig Nussel

Description Ludwig Nussel 2004-07-07 22:25:30 UTC
Date: Tue, 06 Jul 2004 20:06:04 -0500 
From: Gerald Combs <gerald@ethereal.com> 
To: vendor-sec@lst.de 
Subject: [vendor-sec] Upcoming Ethereal release fixes potential security 
problems 
 
-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA1 
 
Potential security problems were recently found in the iSNS, SMB, and 
SNMP code in Ethereal: 
 
    http://www.ethereal.com/appnotes/enpa-sa-00015.html 
 
Version 0.10.5 will be released tomorrow or Thursday (July 7th or 8th) 
and will address these issues. 
-----BEGIN PGP SIGNATURE----- 
Version: GnuPG v1.2.2 (GNU/Linux) 
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org 
 
iD8DBQFA60x8kXaEuZt2wEERAnA8AJwNfUEGVNxiLhP8liGUxYgu31gzJwCeMuR6 
THp1jRw8N8tbQJpCJW2YTeg= 
=lSoP 
-----END PGP SIGNATURE-----
Comment 1 Ludwig Nussel 2004-07-07 22:27:44 UTC
Created attachment 21987 [details]
ethereal-smb-fix.diff

by Josh Bressers: "Here are what appear to be the upstream patches for these
issues."
Comment 2 Ludwig Nussel 2004-07-07 22:28:00 UTC
Created attachment 21988 [details]
ethereal-snmp-fix.diff
Comment 3 Ludwig Nussel 2004-07-07 22:28:15 UTC
Created attachment 21989 [details]
ethereal-isns-fix.diff
Comment 4 Thomas Biege 2004-07-09 15:11:04 UTC
====================================================== 
Candidate: CAN-2004-0633 
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0633 
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20040707 
Category: SF 
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00015.html 
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381 
 
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote 
attackers to cause a denial of service (process abort) via an integer 
overflow. 
 
 
 
====================================================== 
Candidate: CAN-2004-0634 
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0634 
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20040707 
Category: SF 
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00015.html 
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381 
 
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows 
remote attackers to cause a denial of service (process crash) via a 
handle without a policy name, which causes a null dereference. 
 
 
 
====================================================== 
Candidate: CAN-2004-0635 
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0635 
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20040707 
Category: SF 
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00015.html 
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381 
 
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote 
attackers to cause a denial of service (process crash) via a (1) 
malformed or (2) missing community string, which causes an 
out-of-bounds read. 
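
Added example, not part of the original bug report and not Ethereal's code or any of the attached patches: a bounds-checked way to locate the community string in an SNMPv1/v2c message, so that a missing or malformed community field (the CAN-2004-0635 conditions) yields an error instead of a read past the buffer. The function names, result codes and sample bytes are hypothetical and constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes; names are hypothetical, chosen for this example. */
enum { COMM_OK = 0, COMM_TRUNCATED = -1, COMM_MALFORMED = -2, COMM_MISSING = -3 };
/* Read one BER tag+length at buf[*off]; on success the value lies inside buf[0..n). */
static int ber_header(const uint8_t *buf, size_t n, size_t *off, uint8_t *tag, size_t *len)
{
    size_t p = *off, l, k;
    if (p >= n || n - p < 2) return COMM_TRUNCATED;
    *tag = buf[p++]; l = buf[p++];
    if (l & 0x80) {                        /* long form: next k bytes hold the length */
        k = l & 0x7f;
        if (k == 0 || k > 4) return COMM_MALFORMED;
        if (n - p < k) return COMM_TRUNCATED;
        for (l = 0; k > 0; k--) l = (l << 8) | buf[p++];
    }
    if (l > n - p) return COMM_TRUNCATED;  /* declared length exceeds captured bytes */
    *len = l; *off = p;
    return COMM_OK;
}

/* SNMPv1/v2c: SEQUENCE { INTEGER version, OCTET STRING community, ... } */
int snmp_community(const uint8_t *pkt, size_t n, const uint8_t **comm, size_t *clen)
{
    size_t off = 0, len; uint8_t tag; int rc;
    if ((rc = ber_header(pkt, n, &off, &tag, &len)) != COMM_OK) return rc;
    if (tag != 0x30) return COMM_MALFORMED;
    n = off + len;                         /* never read past the outer SEQUENCE */
    if ((rc = ber_header(pkt, n, &off, &tag, &len)) != COMM_OK) return rc;
    if (tag != 0x02) return COMM_MALFORMED;
    off += len;                            /* skip version; bounds already checked */
    if (off == n) return COMM_MISSING;     /* message ends before the community */
    if ((rc = ber_header(pkt, n, &off, &tag, &len)) != COMM_OK) return rc;
    if (tag != 0x04) return COMM_MISSING;  /* next field is not an OCTET STRING */
    *comm = pkt + off; *clen = len;
    return COMM_OK;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t GOOD[]    = {0x30,0x0b,0x02,0x01,0x00,0x04,0x06,'p','u','b','l','i','c'};
static const uint8_t NO_COMM[] = {0x30,0x03,0x02,0x01,0x00};
static const uint8_t BAD_LEN[] = {0x30,0x0b,0x02,0x01,0x00,0x04,0x7f,'p','u','b','l','i','c'};
int main(void)
{
    const uint8_t *c; size_t cl;
    printf("%d %d %d\n", snmp_community(GOOD, sizeof GOOD, &c, &cl),
           snmp_community(NO_COMM, sizeof NO_COMM, &c, &cl),
           snmp_community(BAD_LEN, sizeof BAD_LEN, &c, &cl));
    return 0;
}
```
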
Comment 5 Ludwig Nussel 2004-07-12 21:04:17 UTC
Petr? 
Comment 6 Petr Ostadal 2004-07-12 21:28:20 UTC
Hi,
I am back from vacation and I am going to work on it.
Comment 7 Petr Ostadal 2004-07-13 22:22:37 UTC
I fixed security bugs in SMB and SNMP code and submitted it to autobuild.

I found that we aren't vulnerable to the iSNS bug, because the faulty code isn't in
version 0.10.3, which we have in all distributions.

For STABLE I will update it later.
Comment 8 Ludwig Nussel 2004-07-14 16:24:38 UTC
The Ethereal as well as the CAN advisory explicitly state that iSNS affects
versions 0.10.3 and 0.10.4. Fedora has also patched 0.10.3 against the iSNS
flaw. See https://bugzilla.fedora.us/attachment.cgi?id=762&action=view; it seems
like the variable just has a different name.
Comment 9 Petr Ostadal 2004-07-14 17:01:37 UTC
Sorry, you are right. The attached patch in our bugzilla was only for the newer
version, but the one in Fedora is the right one. I will use the fix from Fedora and then
submit it again.
Comment 10 Petr Ostadal 2004-07-14 18:46:19 UTC
Done, I added the backported fix from Fedora and submitted all packages to autobuild.
Comment 11 Thomas Biege 2004-07-15 19:56:32 UTC
Ludwig, 
can you take care of the approval and the laufzettel please. 
Comment 12 Ludwig Nussel 2004-08-10 18:03:18 UTC
packages approved 
Comment 13 Thomas Biege 2009-10-13 20:28:21 UTC
CVE-2004-0635: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)