MDKSA-2005:193
- Package name: ethereal
- Date: 2005-10-25
- Advisory ID: MDKSA-2005:193
- Affected versions: 2006.0 i586, 10.2 i586, 10.2 x86_64, 2006.0 x86_64
Problem description
Ethereal 0.10.13 is now available, fixing a number of security
vulnerabilities in various dissectors:
- the ISAKMP dissector could exhaust system memory
- the FC-FCS dissector could exhaust system memory
- the RSVP dissector could exhaust system memory
- the ISIS LSP dissector could exhaust system memory
- the IrDA dissector could crash
- the SLIMP3 dissector could overflow a buffer
- the BER dissector was susceptible to an infinite loop
- the SCSI dissector could dereference a null pointer and crash
- the sFlow dissector could dereference a null pointer and crash
- the RTnet dissector could dereference a null pointer and crash
- the SigComp UDVM could go into an infinite loop or crash
- the X11 dissector could attempt to divide by zero
- if SMB transaction payload reassembly is enabled, the SMB dissector could crash (by default this is disabled)
- if the "Dissect unknown RPC program numbers" option was enabled, the ONC RPC dissector might be able to exhaust system memory (by default this is disabled)
- the AgentX dissector could overflow a buffer
- the WSP dissector could free an invalid pointer
- iDEFENSE discovered a buffer overflow in the SRVLOC dissector
The new version of Ethereal is provided and corrects all of these
issues.
Updated packages
2006.0 i586
- afa7f414f160baab8255f107c4b68167 2006.0/RPMS/ethereal-0.10.13-0.1.20060mdk.i586.rpm
- d15d1610353763aca11df0c74b418a04 2006.0/RPMS/ethereal-tools-0.10.13-0.1.20060mdk.i586.rpm
- 4725840f84343c5c003eaa9f976f8831 2006.0/RPMS/libethereal0-0.10.13-0.1.20060mdk.i586.rpm
- 65eb0205ba9778b11ba17bcb6c28bd5e 2006.0/RPMS/tethereal-0.10.13-0.1.20060mdk.i586.rpm
- 7925fa1d545fecc56843dee7cc825d8f 2006.0/SRPMS/ethereal-0.10.13-0.1.20060mdk.src.rpm
10.2 i586
- a4a8fdc8455a04fa59403c109e66ed89 10.2/RPMS/ethereal-0.10.13-0.1.102mdk.i586.rpm
- a54511a764592c5fddcb98a9fa8663c9 10.2/RPMS/ethereal-tools-0.10.13-0.1.102mdk.i586.rpm
- 6a53e0f7a132d6520f224c67b0dc5dc2 10.2/RPMS/libethereal0-0.10.13-0.1.102mdk.i586.rpm
- be7bb0c3ac28f631c97f07d55bfc8c71 10.2/RPMS/tethereal-0.10.13-0.1.102mdk.i586.rpm
- a0877c50091971fc9f23806ed92221da 10.2/SRPMS/ethereal-0.10.13-0.1.102mdk.src.rpm
10.2 x86_64
- a4905e8eb45acaa645577a4bc4900cce x86_64/10.2/RPMS/ethereal-0.10.13-0.1.102mdk.x86_64.rpm
- 245aceadf58166897585d29a92996102 x86_64/10.2/RPMS/ethereal-tools-0.10.13-0.1.102mdk.x86_64.rpm
- 9672947d1adf409c73d325178fc74525 x86_64/10.2/RPMS/lib64ethereal0-0.10.13-0.1.102mdk.x86_64.rpm
- 58676aa8bf6385adef7ea6c0d5772fc3 x86_64/10.2/RPMS/tethereal-0.10.13-0.1.102mdk.x86_64.rpm
- a0877c50091971fc9f23806ed92221da x86_64/10.2/SRPMS/ethereal-0.10.13-0.1.102mdk.src.rpm
2006.0 x86_64
- 99ad384eff6229342322d257c4c93e62 x86_64/2006.0/RPMS/ethereal-0.10.13-0.1.20060mdk.x86_64.rpm
- 91c8e78eb70a6106abd9f799157c3c52 x86_64/2006.0/RPMS/ethereal-tools-0.10.13-0.1.20060mdk.x86_64.rpm
- 75ac237556cc2bf5c8bc341f2fb50e13 x86_64/2006.0/RPMS/lib64ethereal0-0.10.13-0.1.20060mdk.x86_64.rpm
- 71e3810bc682239b3681fc6828fb64db x86_64/2006.0/RPMS/tethereal-0.10.13-0.1.20060mdk.x86_64.rpm
- 7925fa1d545fecc56843dee7cc825d8f x86_64/2006.0/SRPMS/ethereal-0.10.13-0.1.20060mdk.src.rpm
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3241
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3242
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3243
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3244
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3245
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3246
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3247
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3248
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3249
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3184
- http://www.ethereal.com/appnotes/enpa-sa-00021.html
