MDKSA-2004:002

Package name

ethereal

Date

2004-01-13

Advisory ID

MDKSA-2004:002

Affected versions

9.2 i586 , 9.1 i586 , 9.1 i586

Problem description

Two vulnerabilities were discovered in versions of Ethereal prior to 0.10.0 that can be exploited to make Ethereal crash by injecting malformed packets onto the wire or by convincing a user to read a malformed packet trace file. The first vulnerability is in the SMB dissector and the second is in the Q.391 dissector. It is not known whether or not these issues could lead to the execution of arbitrary code. The updated packages provide Ethereal 0.10.0 which is not vulnerable to these issues.

Updated packages

9.2 i586

 c523748c0251859d6413d494d3ba1fe9  9.2/RPMS/ethereal-0.10.0a-0.1.92mdk.i586.rpm
07fdefedc257d3a53f3e0a3da2c042b2  9.2/SRPMS/ethereal-0.10.0a-0.1.92mdk.src.rpm

9.1 i586

 a8bcf806b679829441411a61692112c4  ppc/9.1/RPMS/ethereal-0.10.0a-0.1.91mdk.ppc.rpm
0418ffe78b92500b0e85516c9a2877ba  ppc/9.1/SRPMS/ethereal-0.10.0a-0.1.91mdk.src.rpm

9.1 i586

 15b93589c8e2c4a158e392d6e935d107  9.1/RPMS/ethereal-0.10.0a-0.1.91mdk.i586.rpm
0418ffe78b92500b0e85516c9a2877ba  9.1/SRPMS/ethereal-0.10.0a-0.1.91mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1012
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1013