[NEWS] New Ethereal Version Addresses Security Vulnerabilities

From: SecuriTeam (support_at_securiteam.com)
Date: 06/19/03

    To: list@securiteam.com
    Date: 19 Jun 2003 21:38:19 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      New Ethereal Version Addresses Security Vulnerabilities
    ------------------------------------------------------------------------

    SUMMARY

    Ethereal, a very common UNIX and Windows based network sniffer, has
    undergone additional security audits that have revealed numerous security
    issues in it. As a result, the Ethereal authors have released a new
    version to address these issues.

    DETAILS

    Vulnerable systems:
     * Ethereal version 0.9.12 and prior

    Immune systems:
     * Ethereal version 0.9.13

    Further source code auditing by Timo Sirainen has turned up several string
    handling flaws in various protocol dissectors. Separate security problems
    were discovered by other people:

     * The DCERPC dissector could try to allocate too much memory while trying
    to decode an NDR string.
     * Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI
    dissector.
     * The SPNEGO dissector could segfault while parsing an invalid ASN.1
    value.
     * The tvb_get_nstringz0() routine incorrectly handled a zero-length
    buffer size.
     * The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI dissectors
    handled strings improperly.
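
    Two of the bug classes listed above (a bounded string copy given a zero-length buffer, and an unchecked prefix length) come down to validating a length before using it. The following C sketch is an added illustration, not Ethereal's code: the function names and the sample packet bytes are hypothetical, and the advisory does not describe the actual defects.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Ethereal's API): copy a string from the packet
 * slice src[0..srclen) into buf[0..bufsize), always NUL-terminating it.
 * Returns the bytes copied (excluding the NUL), or -1 if nothing fits. */
long copy_stringz0(const uint8_t *src, size_t srclen,
                   uint8_t *buf, size_t bufsize)
{
    /* Edge case: for an unsigned bufsize of 0, "bufsize - 1" wraps to
     * SIZE_MAX, and even the terminating write would be out of bounds. */
    if (buf == NULL || bufsize == 0)
        return -1;
    size_t limit = bufsize - 1;            /* room left after the NUL */
    if (limit > srclen)
        limit = srclen;                    /* never read past the packet */
    size_t n = 0;
    while (n < limit && src[n] != 0) {
        buf[n] = src[n];
        n++;
    }
    buf[n] = 0;                            /* n <= bufsize - 1: in bounds */
    return (long)n;
}

/* Hypothetical helper: copy a prefix of prefix_bits bits into a fixed-size
 * address buffer (4 bytes for IPv4, 16 for IPv6), rejecting bad lengths. */
int copy_prefix(const uint8_t *src, size_t srclen, unsigned prefix_bits,
                uint8_t *addr, size_t addr_len)
{
    if (prefix_bits > addr_len * 8)
        return -1;                         /* e.g. /33 on an IPv4 address */
    size_t nbytes = (prefix_bits + 7) / 8;
    if (nbytes > srclen)
        return -1;                         /* length field exceeds the data */
    memset(addr, 0, addr_len);
    if (nbytes > 0)
        memcpy(addr, src, nbytes);
    return (int)nbytes;
}

int main(void)
{
    const uint8_t pkt[] = { 10, 1, 2, 3 }; /* constructed sample bytes */
    uint8_t out[2], addr[4];
    printf("zero-length buffer -> %ld\n", copy_stringz0(pkt, 4, out, 0));
    printf("/33 on IPv4 -> %d\n", copy_prefix(pkt, 4, 33, addr, 4));
    return 0;
}
```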

    Impact:
    It may be possible to make Ethereal crash or run arbitrary code by
    injecting a purposefully malformed packet onto the wire, or by convincing
    someone to read a malformed packet trace file.

    Resolution:
    Upgrade to version 0.9.13.

    ADDITIONAL INFORMATION

    The original advisory can be downloaded from:
    http://www.ethereal.com/appnotes/enpa-sa-00010.html

    The information has been provided by Rain Forest Puppy
    <rfp@vulnwatch.org>.
