CVE-2002-0353
CVSS 5.0
Published: 2002-06-25 00:00:00
Revised: 2008-09-10 15:11:49

[Original] The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields.


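[CNNVD] Ethereal ASN.1 String Memory Allocation Denial of Service Vulnerability (CNNVD-200206-085)

        
        Ethereal is a free, open source network traffic analysis tool developed and maintained by the Ethereal project team.
        Ethereal has a vulnerability in its handling of ASN.1 data that allows an attacker to cause a denial of service.
        An attacker can pass malformed data to the ASN.1 string parsing function in Ethereal, which causes memory to be allocated incorrectly and the program to crash. SNMP, LDAP, COPS and Kerberos all make use of this parsing function.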
        

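- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [exploitation is not subject to access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]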

- CPE (Affected Platforms and Products)

cpe:/a:ethereal_group:ethereal:0.9.1
cpe:/a:ethereal_group:ethereal:0.9.2

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0353
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0353
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200206-085
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/4604
(UNKNOWN)  BID  4604
http://www.redhat.com/support/errata/RHSA-2002-088.html
(UNKNOWN)  REDHAT  RHSA-2002:088
http://www.iss.net/security_center/static/8952.php
(UNKNOWN)  XF  ethereal-asn1-dos(8952)
http://www.ethereal.com/appnotes/enpa-sa-00003.html
(UNKNOWN)  CONFIRM  http://www.ethereal.com/appnotes/enpa-sa-00003.html
http://www.debian.org/security/2002/dsa-130
(UNKNOWN)  DEBIAN  DSA-130
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000474
(UNKNOWN)  CONECTIVA  CLA-2002:474

- Vulnerability Information

Ethereal ASN.1 String Memory Allocation Denial of Service Vulnerability
Medium risk, Design error
2002-06-25 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and Patches

        Vendor patches:
        Conectiva
        ---------
        Conectiva has released a security advisory (CLA-2002:474) and corresponding patches for this issue:
        CLA-2002:474:ethereal
        Link:
        http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000474

        Patch downloads:
        ftp://atualizacoes.conectiva.com.br/5.0/i386/ethereal-0.9.3-1U50_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/ethereal-0.9.3-1U50_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/ethereal-0.9.3-1U51_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/ethereal-0.9.3-1U51_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ethereal-0.9.3-1U60_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/ethereal-0.9.3-1U60_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ethereal-0.9.3-1U70_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/ethereal-0.9.3-1U70_1cl.src.rpm
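        Users of Conectiva Linux version 6.0 and later can use apt to update the RPM packages:
        - Add the following line to the /etc/apt/sources.list file:
        
        rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
        (If you are not using version 6.0, replace 6.0 above with the appropriate version number)
        - Run: apt-get update
        - After the update, run: apt-get upgrade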
        Debian
        ------
        Debian has released a security advisory (DSA-130-1) and corresponding patches for this issue:
        DSA-130-1:memory allocation error in ethereal
        Link:
        http://www.debian.org/security/2002/dsa-130

        Patch downloads:
        Source archives:
        
        http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0-3potato.diff.gz

        
        http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0-3potato.dsc

        
        http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0.orig.tar.gz

        Alpha architecture:
        
        http://security.debian.org/dists/stable/updates/main/binary-alpha/ethereal_0.8.0-3potato_alpha.deb

        ARM architecture:
        
        http://security.debian.org/dists/stable/updates/main/binary-ar

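        Patch installation:
        1. Install the patch package manually:
         First, download the patch package with the following command:
         # wget url (url is the patch download link)
         Then, install the patch with the following command:
         # dpkg -i file.deb (file is the name of the corresponding patch)
        2. Install the patch package automatically with apt-get:
         First, update the internal database with the following command:
         # apt-get update
        
         Then, install the updated packages with the following command:
         # apt-get upgrade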
        RedHat
        ------
        Red Hat RPM ethereal-0.9.4-0.7.2.0.i386.rpm
        ftp://updates.redhat.com/7.2/en/os/i386/ethereal-0.9.4-0.7.2.0.i386.rpm
        SCO
        ---
        SCO RPM ethereal-0.9.4-1.i386.rpm
        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-037.0/RPMS/ethereal-0.9.4-1.i386.rpm
        SCO RPM ethereal-0.9.4-1.i386.rpm
        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-037.0/RPMS/ethereal-0.9.4-1.i386.rpm
        SCO RPM ethereal-0.9.4-1.i386.rpm
        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-037.0/RPMS/ethereal-0.9.4-1.i386.rpm
        SCO RPM ethereal-0.9.4-1.i386.rpm
        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-037.0/RPMS/ethereal-0.9.4-1.i386.rpm
        Ethereal Group
        --------------
        The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:
        Ethereal Group Ethereal 0.9.1:
        Ethereal Group Upgrade ethereal-0.9.3.tar.gz
        
        http://www.ethereal.com/distribution/ethereal-0.9.3.tar.gz

        Ethereal Group Ethereal 0.9.2:
        Ethereal Group Upgrade ethereal-0.9.3.tar.gz
        
        http://www.ethereal.com/distribution/ethereal-0.9.3.tar.gz

- Vulnerability Information

4473
Ethereal SNMP Dissector ASN.1 Parser Overflow DoS
Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability

- Vulnerability Description

Unknown or Incomplete

- Timeline

2002-03-23 Unknown
Unknown Unknown

- Solution

Upgrade to version 0.9.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Ethereal ASN.1 String Memory Allocation Denial Of Service Vulnerability
Design Error 4604
Yes No
2002-04-25 12:00:00 2009-07-11 12:46:00
This vulnerability announced by the Ethereal Development Team.

- Affected Software Versions

Ethereal Group Ethereal 0.9.2
Ethereal Group Ethereal 0.9.1
- Compaq Tru64 5.0
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- HP HP-UX 11.0
- IBM AIX 5.1
- Linux kernel 2.4
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0
- NetBSD NetBSD 1.5
- OpenBSD OpenSSH 3.0
- SCO Unixware 7.0
- SGI IRIX 6.0
- Sun Solaris 8_sparc
Ethereal Group Ethereal 0.9
Ethereal Group Ethereal 0.8.18
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 i386
- RedHat Linux 7.2
Ethereal Group Ethereal 0.9.3
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha

- Unaffected Software Versions

Ethereal Group Ethereal 0.9.3
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha

- Discussion

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project.

Under some circumstances, Ethereal can be made to crash. When malformed ASN.1 messages are parsed by Ethereal, memory may be misallocated. This may result in crashes possibly due to corruption of internal malloc structures. It is not known if this condition can be exploited to execute arbitrary code.

This vulnerability is an example of the inherent vulnerabilities that exist in ASN.1, as discovered in research done by the University of Oulu in development of the PROTOS test suite. Many more ASN.1 implementations may prove to be vulnerable as a result of rigorous PROTOS testing. Various ASN.1 implementations are widely deployed and potentially prone to the inherent vulnerabilities discovered during the development of the PROTOS test-suite. This should be considered a serious threat with far-reaching consequences.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Fixes available:


Ethereal Group Ethereal 0.8.18

Ethereal Group Ethereal 0.9.1

Ethereal Group Ethereal 0.9.2

- References

 

 
