Advisories | Mandriva

Package name	ethereal
Date	March 30th, 2004
Advisory ID	MDKSA-2004:024
Affected versions	9.1, 9.2

Problem Description

A number of serious issues have been discovered in versions of Ethereal
prior to 0.10.2. Stefan Esser discovered thirteen buffer overflows in
the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP dissectors.
Jonathan Heusser discovered that a carefully-crafted RADIUS packet
could cause Ethereal to crash. It was also found that a zero-length
Presentation protocol selector could make Ethereal crash. Finally, a
corrupt color filter file could cause a segmentation fault. It is
possible, through the exploitation of some of these vulnerabilities, to
cause Ethereal to crash or run arbitrary code by injecting a malicious,
malformed packet onto the wire, by convincing someone to read a
malformed packet trace file, or by creating a malformed color filter
file.

The updated packages bring Ethereal to version 0.10.3 which is not
vulnerable to these issues.

Updated Packages

Mandrakelinux 9.1

 2ea76ee0e31110940048fb0d3690916c  9.1/RPMS/ethereal-0.10.3-0.1.91mdk.i586.rpm
c9ba83e900d0a24b666ecbfab07af71b  9.1/SRPMS/ethereal-0.10.3-0.1.91mdk.src.rpm

Mandrakelinux 9.1/PPC

 96decdf0549ac66f2052b62725eaf77e  ppc/9.1/RPMS/ethereal-0.10.3-0.1.91mdk.ppc.rpm
c9ba83e900d0a24b666ecbfab07af71b  ppc/9.1/SRPMS/ethereal-0.10.3-0.1.91mdk.src.rpm

Mandrakelinux 9.2

 82c537864feb000ef58747c6784c886a  9.2/RPMS/ethereal-0.10.3-0.1.92mdk.i586.rpm
599b9b0b6b605bf0bf130c1135082bee  9.2/SRPMS/ethereal-0.10.3-0.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64

 6a5abfd064a15bf7f2ea714424dc4cd3  amd64/9.2/RPMS/ethereal-0.10.3-0.1.92mdk.amd64.rpm
599b9b0b6b605bf0bf130c1135082bee  amd64/9.2/SRPMS/ethereal-0.10.3-0.1.92mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176
http://www.ethereal.com/appnotes/enpa-sa-00013.html

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.