Bugzilla – Bug 57820
VUL-0: CVE-2004-0635: ethereal: security bugs, possible code execution
Last modified: 2021-09-27 09:02:21 UTC
Date: Tue, 06 Jul 2004 20:06:04 -0500
From: Gerald Combs <gerald@ethereal.com>
To: vendor-sec@lst.de
Subject: [vendor-sec] Upcoming Ethereal release fixes potential security problems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Potential security problems were recently found in the iSNS, SMB, and SNMP code in Ethereal:

http://www.ethereal.com/appnotes/enpa-sa-00015.html

Version 0.10.5 will be released tomorrow or Thursday (July 7th or 8th) and will address these issues.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA60x8kXaEuZt2wEERAnA8AJwNfUEGVNxiLhP8liGUxYgu31gzJwCeMuR6
THp1jRw8N8tbQJpCJW2YTeg=
=lSoP
-----END PGP SIGNATURE-----
Created attachment 21987 [details] ethereal-smb-fix.diff by Josh Bressers: "Here are what appear to be the upstream patches for these issues."
Created attachment 21988 [details] ethereal-snmp-fix.diff
Created attachment 21989 [details] ethereal-isns-fix.diff
======================================================
Candidate: CAN-2004-0633
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0633
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20040707
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00015.html
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

======================================================
Candidate: CAN-2004-0634
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0634
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20040707
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00015.html
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

======================================================
Candidate: CAN-2004-0635
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0635
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20040707
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00015.html
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
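The three candidate records above name three defect classes in packet dissectors: an integer overflow in a length computation, a null dereference on an absent field, and an out-of-bounds read on a malformed or missing string. The following is an added illustration, not Ethereal's code and not any of the attached patches: a small parser for a 4-byte-length-prefixed string field (the shape of a community string or an iSNS attribute, assumed here for illustration) with the bounds check written so that it cannot wrap and so that a truncated, oversized or absent field is reported rather than dereferenced. The packet bytes, the `packet_t` type and all function names are constructed for this example.

```c
/* Added example (not Ethereal's code): bounds-checked parsing of a
 * length-prefixed string field from a packet buffer. The packet layout
 * (4-byte big-endian length followed by the bytes) is an assumption
 * made for illustration; the sample packets below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const uint8_t *data;   /* packet bytes */
    size_t len;            /* number of valid bytes in data */
} packet_t;

/* Read a 4-byte big-endian length; the caller guarantees 4 bytes exist. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The flawed length check, kept as pure arithmetic (it touches no memory):
 * the 32-bit sum offset + 4 + slen wraps for a huge slen, so the check
 * passes and a later copy would read far past the packet. Returns 1 when
 * the check would (wrongly) accept the field. */
int naive_check_accepts(uint32_t pkt_len, uint32_t offset, uint32_t slen)
{
    return offset + 4u + slen <= pkt_len;
}

/* Hardened parser. Returns 1 on success with out NUL-terminated and
 * *consumed set to the bytes used; returns 0 for an absent, truncated,
 * oversized or unparseable field. Never reads outside data[0..len). */
int parse_string_field(const packet_t *pkt, size_t offset,
                       char *out, size_t outsz, size_t *consumed)
{
    if (!pkt || !pkt->data || !out || outsz == 0) return 0;
    /* Field absent, or the length prefix itself is truncated. */
    if (offset > pkt->len || pkt->len - offset < 4) return 0;
    uint32_t slen = be32(pkt->data + offset);
    /* Compare against the bytes remaining after the prefix instead of
     * forming offset + slen, so no wrap is possible at any word size. */
    size_t remaining = pkt->len - offset - 4;
    if (slen > remaining) return 0;   /* malformed: claims more than is present */
    if (slen >= outsz) return 0;      /* would not fit the output buffer */
    memcpy(out, pkt->data + offset + 4, slen);
    out[slen] = '\0';
    if (consumed) *consumed = 4 + (size_t)slen;
    return 1;
}

/* Constructed sample packets. */
static const uint8_t good_pkt[]  = { 0x00,0x00,0x00,0x06, 'p','u','b','l','i','c' };
static const uint8_t trunc_pkt[] = { 0x00,0x00,0x00,0x40, 'p','u','b' };  /* claims 64 bytes */
static const uint8_t empty_pkt[] = { 0x00,0x00,0x00,0x00 };                /* zero-length string */
static const uint8_t wrap_pkt[]  = { 0xFF,0xFF,0xFF,0xFC, 'a','b' };        /* length chosen to wrap */

/* Check helper: 1 if the first field of the packet parses and equals `expected`. */
int parses_as(const uint8_t *bytes, size_t n, const char *expected)
{
    char out[32];
    packet_t pkt = { bytes, n };
    size_t used = 0;
    if (!parse_string_field(&pkt, 0, out, sizeof out, &used)) return 0;
    return strcmp(out, expected) == 0 && used == 4 + strlen(expected);
}

int main(void)
{
    printf("good  parses as \"public\": %d\n", parses_as(good_pkt,  sizeof good_pkt,  "public"));
    printf("trunc rejected:             %d\n", !parses_as(trunc_pkt, sizeof trunc_pkt, "pub"));
    printf("empty parses as \"\":       %d\n", parses_as(empty_pkt, sizeof empty_pkt, ""));
    printf("wrap  rejected:             %d\n", !parses_as(wrap_pkt,  sizeof wrap_pkt,  "ab"));
    printf("naive check accepts wrapped length: %d\n", naive_check_accepts(10, 2, 0xFFFFFFFCu));
    return 0;
}
```

The point of `remaining` is that subtracting what has already been consumed from the packet length is always well-defined once `offset <= len` has been established, whereas adding an attacker-controlled length to an offset is exactly the computation that overflowed in the iSNS case; the explicit `remaining < 4` and zero-length cases are what keep a missing field from becoming a crash.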
Petr?
Hi, I am back from vacation and I am going to work on it.
I fixed the security bugs in the SMB and SNMP code and submitted it to autobuild. I found that we aren't vulnerable to the iSNS bug, because the faulty code isn't in version 0.10.3, which we have in all distributions. For STABLE I will update it later.
The Ethereal as well as the CAN advisory explicitly state that iSNS affects versions 0.10.3 and 0.10.4. Fedora has also patched 0.10.3 against the iSNS flaw. See https://bugzilla.fedora.us/attachment.cgi?id=762&action=view; it seems like the variable just has a different name.
Sorry, you are right. The attached patch in our bugzilla was only for the newer version, but the one in Fedora is the right one. I will use the fix from Fedora and then submit it again.
Done, I added the backported fix from Fedora and submitted all packages to autobuild.
Ludwig, can you take care of the approval and the Laufzettel please.
Packages approved.
CVE-2004-0635: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)