Debian Bug report logs - #334880
ethereal 0.10.13 fixes lots of vulnerabilities

version graph

Package: ethereal; Maintainer for ethereal is (unknown);

Reported by: Moritz Muehlenhoff <jmm@informatik.uni-bremen.de>

Date: Thu, 20 Oct 2005 14:03:02 UTC

Severity: grave

Tags: security

Found in version ethereal/0.10.12-6

Fixed in version ethereal/0.10.13-1

Done: Frederic Peters <fpeters@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#334880; Package ethereal. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@informatik.uni-bremen.de>:
New Bug report received and forwarded. Copy sent to Frederic Peters <fpeters@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@informatik.uni-bremen.de>
To: submit@bugs.debian.org
Subject: ethereal 0.10.13 fixes lots of vulnerabilities
Date: Thu, 20 Oct 2005 15:35:13 +0200
Package: ethereal
Version: 0.10.12-6
Severity: grave
Tags: security
Justification: user security hole

As usual ethereal 0.10.13 fixes lots of vulnerabilities, most of them are only denial-of-
service, but some can lead to execution of arbitrary code.

Affecting only sid:
     o The ISAKMP dissector could exhaust system memory. Versions affected: 0.10.11 to 0.10.12.
     o The SigComp UDVM could go into an infinite loop or crash. Versions affected: 0.10.12.
     o The ACSE dissector was susceptible to infinite recursion. Versions affected: 0.10.12.

Affecting Sarge and sid:
     o The IrDA dissector could crash. Versions affected: 0.10.0 to 0.10.12.
     o The BER dissector was susceptible to an infinite loop. Versions affected: 0.10.3 to 0.10.12.
     o The SCSI dissector could dereference a null pointer and crash. Versions affected: 0.10.3 to 0.10.12.
     o The sFlow dissector could dereference a null pointer and crash. Versions affected: 0.9.14 to 0.10.12.
     o The RTnet dissector could dereference a null pointer and crash. Versions affected: 0.10.8 to 0.10.12.
     o If SMB transaction payload reassembly is enabled the SMB dissector could crash. This preference is disabled by
       default. Versions affected: 0.9.7 to 0.10.12.
     o The X11 dissector could attempt to divide by zero. Versions affected: 0.10.1 to 0.10.12.
     o The AgentX dissector could overflow a buffer. Versions affected: 0.10.10 to 0.10.12.
     o The WSP dissector could free an invalid pointer. Versions affected: 0.10.1 to 0.10.12.
     o The NCP dissector was susceptible to an infinite loop. Versions affected: 0.9.7 to 0.10.12.
     o iDEFENSE found a buffer overflow in the SRVLOC dissector. Versions affected: 0.10.0 to 0.10.12.

Affecting Woody, Sarge and sid:
     o The FC-FCS dissector could exhaust system memory. Versions affected: 0.9.0 to 0.10.12.
     o The RSVP dissector could exhaust system memory. Versions affected: 0.9.4 to 0.10.12.
     o The ISIS LSP dissector could exhaust system memory. Versions affected: 0.8.18 to 0.10.12.
     o The SLIMP3 dissector could overflow a buffer. Versions affected: 0.9.1 to 0.10.12.
     o If the "Dissect unknown RPC program numbers" option was enabled, the ONC RPC dissector might be able to exhaust system
       memory. This option is disabled by default. Versions affected: 0.7.7 to 0.10.12.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Frederic Peters <fpeters@debian.org>:
Bug#334880; Package ethereal. Full text and rfc822 format available.

Acknowledgement sent to Joey Hess <joeyh@debian.org>:
Extra info received and forwarded to list. Copy sent to Frederic Peters <fpeters@debian.org>. Full text and rfc822 format available.

Message #10 received at 334880@bugs.debian.org (full text, mbox):

From: Joey Hess <joeyh@debian.org>
To: 334880@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@informatik.uni-bremen.de>
Subject: still open?
Date: Sat, 10 Dec 2005 16:45:30 -0500
[Message part 1 (text/plain, inline)]
What's the status of this set of holes now that 0.10.13-1 is uploaded?

-- 
see shy jo
[signature.asc (application/pgp-signature, inline)]

Reply sent to Frederic Peters <fpeters@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@informatik.uni-bremen.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 334880-done@bugs.debian.org (full text, mbox):

From: Frederic Peters <fpeters@debian.org>
To: Joey Hess <joeyh@debian.org>, 334880-done@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@informatik.uni-bremen.de>
Subject: Re: Bug#334880: still open?
Date: Sat, 10 Dec 2005 23:26:21 +0100
Package: ethereal
Version: 0.10.13-1

> What's the status of this set of holes now that 0.10.13-1 is uploaded?

Oops, thanks for the reminder, and sorry since I forgot to notify the
security team about this.  Holes are fixed in 0.10.13-1; fixes should
be backported to sarge (and woody).

Unfortunately tomorrow I'm going back to the country where I don't
have enough internet connectivity to do serious work for Debian;
zero-day NMU are still welcomed for all of my packages.


Regards,

        Frederic



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 17:58:10 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 16:32:25 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.