Advisories | Mandriva

Package name	ethereal
Date	December 10th, 2003
Advisory ID	MDKSA-2003:114
Affected versions	9.1, 9.2

Problem Description

A number of vulnerabilities were discovered in ethereal that, if
exploited, could be used to make ethereal crash or run arbitrary code
by injecting malicious malformed packets onto the wire or by
convincing someone to read a malformed packet trace file.

A buffer overflow allows attackers to cause a DoS (Denial of Service)
and possibly execute arbitrary code using a malformed GTP MSISDN
string (CAN-2003-0925).

Likewise, a DoS can be caused by using malformed ISAKMP or MEGACO
packets (CAN-2003-0926).

Finally, a heap-based buffer overflow allows attackers to cause a DoS
or execute arbitrary code using the SOCKS dissector (CAN-2003-0927).

All three vulnerabilities affect all versions of Ethereal up to and
including 0.9.15. This update provides 0.9.16 which corrects all of
these issues. Also note that each vulnerability can be exploited by
a remote attacker.

Updated Packages

Mandrakelinux 9.1

 6f7a55137bfe58e52ac26c7a1555117d  9.1/RPMS/ethereal-0.9.16-2.1.91mdk.i586.rpm
58ba4528b16ee80cfbbd6ab6a881f6ed  9.1/SRPMS/ethereal-0.9.16-2.1.91mdk.src.rpm

Mandrakelinux 9.1/PPC

 db5ae031a844f1dea0c9d4329f54c487  ppc/9.1/RPMS/ethereal-0.9.16-2.1.91mdk.ppc.rpm
58ba4528b16ee80cfbbd6ab6a881f6ed  ppc/9.1/SRPMS/ethereal-0.9.16-2.1.91mdk.src.rpm

Mandrakelinux 9.2

 f88623242a1f28900a073c6b205e8f67  9.2/RPMS/ethereal-0.9.16-2.1.92mdk.i586.rpm
3be53a6f83092086aa74d3334e4e1133  9.2/SRPMS/ethereal-0.9.16-2.1.92mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0927
http://www.ethereal.com/appnotes/enpa-sa-00011.html

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.