[NEWS] New Ethereal Version Addresses Security Vulnerabilities

From: SecuriTeam (support_at_securiteam.com)
Date: 06/19/03

    To: list@securiteam.com
    Date: 19 Jun 2003 21:38:19 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
      New Ethereal Version Addresses Security Vulnerabilities
    ------------------------------------------------------------------------

    SUMMARY

    Ethereal, a very common UNIX- and Windows-based network sniffer, has
    undergone additional security audits that have revealed numerous security
    issues in it. As a result, the Ethereal authors have released a new
    version to address these issues.

    DETAILS

    Vulnerable systems:
     * Ethereal version 0.9.12 and prior

    Immune systems:
     * Ethereal version 0.9.13

    Further source code auditing by Timo Sirainen has turned up several string
    handling flaws in various protocol dissectors. Separate security problems
    were discovered by other people:

     * The DCERPC dissector could try to allocate too much memory while trying
    to decode an NDR string.
     * Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI
    dissector.
     * The SPNEGO dissector could segfault while parsing an invalid ASN.1
    value.
     * The tvb_get_nstringz0() routine incorrectly handled a zero-length
    buffer size.
     * The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI dissectors
    handled strings improperly.
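
The zero-length buffer item above belongs to a general class of edge case in bounded string copies that always NUL-terminate. The following is an added illustration, not code from the advisory or from Ethereal, and the advisory does not describe the actual defect; the helper `copy_nstringz0`, its signature and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Ethereal's code: copy a possibly unterminated
 * field src[0..srclen) into buf, stopping at the first NUL, and always
 * leave buf NUL-terminated. Returns the number of bytes copied (without
 * the terminator), or -1 if buf cannot hold even the terminator. */
long copy_nstringz0(const unsigned char *src, size_t srclen,
                    unsigned char *buf, size_t bufsize)
{
    /* The edge case: with bufsize == 0 there is no room for the NUL, and
     * "bufsize - 1" on an unsigned type would wrap to SIZE_MAX. Refuse
     * before doing any arithmetic or writing anything. */
    if (buf == NULL || bufsize == 0)
        return -1;

    size_t limit = bufsize - 1;          /* safe: bufsize >= 1 here */
    if (src == NULL)
        srclen = 0;
    if (limit > srclen)
        limit = srclen;                  /* never read past the field */

    size_t n = 0;
    while (n < limit && src[n] != '\0')  /* stop at an embedded NUL */
        n++;
    if (n > 0)
        memcpy(buf, src, n);
    buf[n] = '\0';
    return (long)n;
}

int main(void)
{
    /* Constructed sample: a 6-byte field with no terminator. */
    const unsigned char field[] = { 'e', 't', 'h', '0', 'X', 'Y' };
    unsigned char out[4];
    size_t sizes[] = { 0, 1, 4 };

    for (size_t i = 0; i < 3; i++) {
        memset(out, 0xAA, sizeof out);   /* canary to reveal stray writes */
        long n = copy_nstringz0(field, sizeof field, out, sizes[i]);
        printf("bufsize=%zu -> returned %ld, out[0]=0x%02X\n",
               sizes[i], n, out[0]);
    }
    return 0;
}
```
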

    Impact:
    It may be possible to make Ethereal crash or run arbitrary code by
    injecting a purposefully malformed packet onto the wire, or by convincing
    someone to read a malformed packet trace file.

    Resolution:
    Upgrade to version 0.9.13.

    ADDITIONAL INFORMATION

    The original advisory can be downloaded from:
     <http://www.ethereal.com/appnotes/enpa-sa-00010.html>

    The information has been provided by Rain Forest Puppy
    <rfp@vulnwatch.org>.
