CVE-2005-0699
CVSS7.5
发布时间 :2005-03-08 00:00:00
修订时间 :2016-10-17 23:13:51
NMCOS    

[原文]Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.


[CNNVD]Ethereal 多个缓冲区溢出漏洞(CNNVD-200503-079)

        Ethereal 0.10.9及更早版本的CDMA A11 (3G-A11)剖析器(packet-3g-a11.c)中的dissect_a11_radius函数存在多个缓冲区溢出,远程攻击者可以通过带有大量长度值的RADIUS身份验证包执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:conectiva:linux:10.0Conectiva Linux 10.0
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:redhat:enterprise_linux:4.0::enterprise_server
cpe:/a:ethereal_group:ethereal:0.10.4
cpe:/a:ethereal_group:ethereal:0.10.3
cpe:/o:redhat:enterprise_linux:4.0::advanced_server
cpe:/a:ethereal_group:ethereal:0.10.6
cpe:/a:ethereal_group:ethereal:0.10.5
cpe:/a:ethereal_group:ethereal:0.10.8
cpe:/a:ethereal_group:ethereal:0.10.7
cpe:/a:ethereal_group:ethereal:0.10.9
cpe:/o:altlinux:alt_linux:compact_2.3
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/o:redhat:enterprise_linux:4.0::workstation
cpe:/o:redhat:enterprise_linux_desktop:4.0Red Hat Desktop 4.0
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:redhat:enterprise_linux_desktop:3.0Red Hat Desktop 3.0
cpe:/o:conectiva:linux:9.0Conectiva Linux 9.0
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
cpe:/o:altlinux:alt_linux:junior_2.3

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10147Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and ea...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0699
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0699
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-079
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=111038641832400&w=2
(UNKNOWN)  BUGTRAQ  20050309 RE: Ethereal remote buffer overflow - addon
http://marc.info/?l=bugtraq&m=111083125521813&w=2
(UNKNOWN)  BUGTRAQ  20050314 Ethereal 0.10.9 and below remote root exploit
http://security.gentoo.org/glsa/glsa-200503-16.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200503-16
http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04
(UNKNOWN)  MISC  http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04
http://www.ethereal.com/appnotes/enpa-sa-00018.html
(VENDOR_ADVISORY)  CONFIRM  http://www.ethereal.com/appnotes/enpa-sa-00018.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:053
(UNKNOWN)  MANDRAKE  MDKSA-2005:053
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
(UNKNOWN)  FEDORA  FLSA-2006:152922
http://www.redhat.com/support/errata/RHSA-2005-306.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:306
http://www.securityfocus.com/archive/1/392659
(VENDOR_ADVISORY)  BUGTRAQ  20050308 Ethereal remote buffer overflow
http://www.securityfocus.com/bid/12759
(VENDOR_ADVISORY)  BID  12759

- 漏洞信息

Ethereal 多个缓冲区溢出漏洞
高危 缓冲区溢出
2005-03-08 00:00:00 2005-10-20 00:00:00
远程  
        Ethereal 0.10.9及更早版本的CDMA A11 (3G-A11)剖析器(packet-3g-a11.c)中的dissect_a11_radius函数存在多个缓冲区溢出,远程攻击者可以通过带有大量长度值的RADIUS身份验证包执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Ethereal Group Ethereal 0.10
        Ethereal Group Ethereal 0.10.10
        http://www.ethereal.com/download.html
        Ethereal Group ethereal-0.10.9-SVN-13681.tar.gz
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-0.10.9-S VN-13681.tar.gz
        Ethereal Group ethereal-setup-0.10.9-SVN-13681.exe
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-setup-0. 10.9-SVN-13681.exe
        Ethereal Group Ethereal 0.10.1
        Ethereal Group Ethereal 0.10.10
        http://www.ethereal.com/download.html
        Ethereal Group ethereal-0.10.9-SVN-13681.tar.gz
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-0.10.9-S VN-13681.tar.gz
        Ethereal Group ethereal-setup-0.10.9-SVN-13681.exe
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-setup-0. 10.9-SVN-13681.exe
        Ethereal Group Ethereal 0.10.2
        Ethereal Group Ethereal 0.10.10
        http://www.ethereal.com/download.html
        Ethereal Group ethereal-0.10.9-SVN-13681.tar.gz
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-0.10.9-S VN-13681.tar.gz
        Ethereal Group ethereal-setup-0.10.9-SVN-13681.exe
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-setup-0. 10.9-SVN-13681.exe
        Ethereal Group Ethereal 0.10.3
        Ethereal Group Ethereal 0.10.10
        http://www.ethereal.com/download.html
        Ethereal Group ethereal-0.10.9-SVN-13681.tar.gz
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-0.10.9-S VN-13681.tar.gz
        Ethereal Group ethereal-setup-0.10.9-SVN-13681.exe
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-setup-0. 10.9-SVN-13681.exe
        Fedora ethereal-0.10.10-1.FC2.1.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora ethereal-0.10.10-1.FC2.1.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora ethereal-debuginfo-0.10.10-1.FC2.1.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora ethereal-debuginfo-0.10.10-1.FC2.1.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora ethereal-gnome-0.10.10-1.FC2.1.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora ethereal-gnome-0.10.10-1.FC2.1.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora Legacy ethereal-0.10.13-1.FC2.2.legacy.i386.rpm
        Fedora Core 2:
        http://download.fedoralegacy.org/fedora/2/updates/i386/ethereal-0.10.1 3-1.FC2.2.legacy.i386.rpm
        Fedora Legacy ethereal-gnome-0.10.13-1.FC2.2.legacy.i386.rpm
        Fedora Core 2:
        http://download.fedoralegacy.org/fedora/2/updates/i386/ethereal-gnome- 0.10.13-1.FC2.2.legacy.i386.rpm
        Mandrake ethereal-0.10.10-0.1.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www.mandrakesecure.net/en/ftp.php
        Mandrake ethereal-0.10.10-0.1.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www.mandrakesecure.net/en/ftp.php
        Ethereal Group Ethereal 0.10.4
        Ethereal Group Ethereal 0.10.10
        http://www.ethereal.com/download.html
        Ethereal Group ethereal-0.10.9-SVN-13681.tar.gz
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-0.10.9-S VN-13681.tar.gz
        Ethereal Group ethereal-setup-0.10.9-SVN-13681.exe
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-setup-0. 10.9-SVN-13681.exe
        Ethereal Group Ethereal 0.10.5
        Ethereal Group Ethereal 0.10.10
        http://www.ethereal.com/download.html
        Ethereal Group ethereal-0.10.9-SVN-13681.tar.gz
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-0.10.9-S VN-13681.tar.gz
        Ethereal Group ethereal-setup-0.10.9-SVN-13681.exe
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-setup-0. 10.9-SVN-13681.exe
        Ethereal Group Ethereal 0.10.6
        Ethereal Group Ethereal 0.10.10
        http://www.ethereal.com/download.html
        Ethereal Group ethereal-0.10.9-SVN-13681.tar.gz
        http://www.ethereal.com/distribution/buildbot-builds/ethereal-0.10.9-S VN-13681.tar.gz
        Ethereal Group ethereal-setup-0.10.9-SVN-13681.exe
        http://www.ethereal.com/distribution/buil

- 漏洞信息

14612
Ethereal 3GPP2 A11 Dissector dissect_a11_radius() Function Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-03-08 Unknow
2005-03-08 Unknow

- 解决方案

Upgrade to version 0.10.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Ethereal RADIUS Authentication Dissection Buffer Overflow Vulnerability
Boundary Condition Error 12759
Yes No
2005-03-08 12:00:00 2006-07-31 11:56:00
Both Leon Juranic and Diego Giagio <dgiagio@irion.com.br> independently discovery this issue.

- 受影响的程序版本

RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Ethereal Group Ethereal 0.10.9
+ Gentoo Linux
Ethereal Group Ethereal 0.10.8
Ethereal Group Ethereal 0.10.7
Ethereal Group Ethereal 0.10.6
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Ethereal Group Ethereal 0.10.5
Ethereal Group Ethereal 0.10.4
Ethereal Group Ethereal 0.10.3
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0
Ethereal Group Ethereal 0.10.2
Ethereal Group Ethereal 0.10.1
Ethereal Group Ethereal 0.10
Conectiva Linux 10.0
Conectiva Linux 9.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Converged Communications Server 2.0
ALT Linux ALT Linux Junior 2.3
ALT Linux ALT Linux Compact 2.3
Ethereal Group Ethereal 0.10 .10
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1

- 不受影响的程序版本

Ethereal Group Ethereal 0.10 .10
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1

- 漏洞讨论

A remote buffer-overflow vulnerability reportedly affects Ethereal because it fails to securely copy network-derived data into sensitive process buffers. The specific issue resides in the 3GPP2 A11 dissector.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

- 漏洞利用

The following exploits are available:

- 解决方案

Please see the references for more information.


Ethereal Group Ethereal 0.10

Ethereal Group Ethereal 0.10.1

Ethereal Group Ethereal 0.10.2

Ethereal Group Ethereal 0.10.3

Ethereal Group Ethereal 0.10.4

Ethereal Group Ethereal 0.10.5

Ethereal Group Ethereal 0.10.6

Ethereal Group Ethereal 0.10.7

Ethereal Group Ethereal 0.10.8

Ethereal Group Ethereal 0.10.9

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站