| CVE-2005-1463 |
|
发布时间 :2005-05-05 00:00:00 | ||
| 修订时间 :2010-08-21 00:28:54 | ||||
| NMCOP |
[原文]Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.
[CNNVD]Ethereal多个协议分析处理模块漏洞(CNNVD-200505-913)
Ethereal是一款非常流行的网络协议分析工具。
Ethereal厂商报告了各种协议处理模块中的多个漏洞,包括:
- 缓冲区溢出漏洞
- 格式串漏洞
- 空指针引用拒绝服务漏洞
- 分段错误拒绝服务漏洞
- 死循环漏洞
- 内存耗尽拒绝服务漏洞
- 双重释放漏洞
- 未明的拒绝服务漏洞
这些漏洞可能允许远程攻击者执行任意代码或导致受影响的应用程序崩溃。
- CVSS (基础分值)
| CVSS分值: | 7.5 | [严重(HIGH)] |
| 机密性影响: | PARTIAL | [很可能造成信息泄露] |
| 完整性影响: | PARTIAL | [可能会导致系统文件被修改] |
| 可用性影响: | PARTIAL | [可能会导致性能下降或中断资源访问] |
| 攻击复杂度: | LOW | [漏洞利用没有访问限制 ] |
| 攻击向量: | [--] | |
| 身份认证: | NONE | [漏洞利用无需身份认证] |
- CPE (受影响的平台与产品)
| cpe:/a:ethereal_group:ethereal:0.10.8 | |
| cpe:/a:ethereal_group:ethereal:0.9.8 | |
| cpe:/a:ethereal_group:ethereal:0.10.9 | |
| cpe:/a:ethereal_group:ethereal:0.9 | |
| cpe:/a:ethereal_group:ethereal:0.9.11 | |
| cpe:/a:ethereal_group:ethereal:0.9.16 | |
| cpe:/a:ethereal_group:ethereal:0.9.2 | |
| cpe:/a:ethereal_group:ethereal:0.9.4 | |
| cpe:/a:ethereal_group:ethereal:0.9.5 | |
| cpe:/a:ethereal_group:ethereal:0.10.10 | |
| cpe:/a:ethereal_group:ethereal:0.8.14 | |
| cpe:/a:ethereal_group:ethereal:0.10.1 | |
| cpe:/a:ethereal_group:ethereal:0.10.7 | |
| cpe:/a:ethereal_group:ethereal:0.10.2 | |
| cpe:/a:ethereal_group:ethereal:0.9.12 | |
| cpe:/a:ethereal_group:ethereal:0.8 | |
| cpe:/a:ethereal_group:ethereal:0.9.15 | |
| cpe:/a:ethereal_group:ethereal:0.9.3 | |
| cpe:/a:ethereal_group:ethereal:0.10.4 | |
| cpe:/a:ethereal_group:ethereal:0.8.15 | |
| cpe:/a:ethereal_group:ethereal:0.10.5 | |
| cpe:/a:ethereal_group:ethereal:0.10.3 | |
| cpe:/a:ethereal_group:ethereal:0.9.7 | |
| cpe:/a:ethereal_group:ethereal:0.9.9 | |
| cpe:/a:ethereal_group:ethereal:0.9.14 | |
| cpe:/a:ethereal_group:ethereal:0.9.10 | |
| cpe:/a:ethereal_group:ethereal:0.10.6 | |
| cpe:/a:ethereal_group:ethereal:0.9.13 | |
| cpe:/a:ethereal_group:ethereal:0.8.18 | |
| cpe:/a:ethereal_group:ethereal:0.8.13 | |
| cpe:/a:ethereal_group:ethereal:0.9.1 | |
| cpe:/a:ethereal_group:ethereal:0.8.19 | |
| cpe:/a:ethereal_group:ethereal:0.9.6 | |
| cpe:/a:ethereal_group:ethereal:0.10 |
- OVAL (用于检测的技术细节)
| oval:org.mitre.oval:def:10713 | Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to ex... |
| *OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。 | |
- 官方数据库链接
- 其它链接及资源
|
http://www.ethereal.com/news/item_20050504_01.html (VENDOR_ADVISORY) CONFIRM http://www.ethereal.com/news/item_20050504_01.html |
|
http://www.ethereal.com/appnotes/enpa-sa-00019.html (VENDOR_ADVISORY) CONFIRM http://www.ethereal.com/appnotes/enpa-sa-00019.html |
|
http://www.securityfocus.com/bid/13504 (UNKNOWN) BID 13504 |
|
http://www.redhat.com/support/errata/RHSA-2005-427.html (UNKNOWN) REDHAT RHSA-2005:427 |
|
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html (UNKNOWN) FEDORA FLSA-2006:152922 |
|
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963 (UNKNOWN) CONECTIVA CLSA-2005:963 |
- 漏洞信息
| Ethereal多个协议分析处理模块漏洞 | |
| 高危 | 格式化字符串 |
| 2005-05-05 00:00:00 | 2005-10-20 00:00:00 |
| 远程 | |
| Ethereal是一款非常流行的网络协议分析工具。
Ethereal厂商报告了各种协议处理模块中的多个漏洞,包括: - 缓冲区溢出漏洞 - 格式串漏洞 - 空指针引用拒绝服务漏洞 - 分段错误拒绝服务漏洞 - 死循环漏洞 - 内存耗尽拒绝服务漏洞 - 双重释放漏洞 - 未明的拒绝服务漏洞 这些漏洞可能允许远程攻击者执行任意代码或导致受影响的应用程序崩溃。 |
|
- 公告与补丁
|
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz http://security.gentoo.org/glsa/glsa-200505-03.xml |
- 漏洞信息 (F38410)
| Gentoo Linux Security Advisory 200505-3 (PacketStormID:F38410) |
| 2005-07-02 00:00:00 |
| Gentoo security.gentoo.org |
| advisory,arbitrary,vulnerability |
| linux,gentoo |
| CVE-2005-1456,CVE-2005-1457,CVE-2005-1458,CVE-2005-1459,CVE-2005-1460,CVE-2005-1461,CVE-2005-1462,CVE-2005-1463,CVE-2005-1464,CVE-2005-1465,CVE-2005-1466,CVE-2005-1467,CVE-2005-1468,CVE-2005-1469,CVE-2005-1470 |
| [点击下载] |
|
Gentoo Linux Security Advisory GLSA 200505-03 - Ethereal is vulnerable to numerous vulnerabilities potentially resulting in the execution of arbitrary code or abnormal termination. Versions less than 0.10.11 are affected. |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200505-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Ethereal: Numerous vulnerabilities
Date: May 06, 2005
Bugs: #90539
ID: 200505-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Ethereal is vulnerable to numerous vulnerabilities potentially
resulting in the execution of arbitrary code or abnormal termination.
Background
==========
Ethereal is a feature rich network protocol analyzer.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/ethereal < 0.10.11 >= 0.10.11
Description
===========
There are numerous vulnerabilities in versions of Ethereal prior to
0.10.11, including:
* The ANSI A and DHCP dissectors are vulnerable to format string
vulnerabilities.
* The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP,
PKIX1Explitit, PKIX Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP
and Presentation dissectors are vulnerable to buffer overflows.
* The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB
NETLOGON dissectors are vulnerable to pointer handling errors.
* The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and
L2TP dissectors are vulnerable to looping problems.
* The Telnet and DHCP dissectors could abort.
* The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause a
segmentation fault.
* The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2,
RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw assertions.
* The DICOM, NDPS and ICEP dissectors are vulnerable to memory
handling errors.
* The GSM MAP, AIM, Fibre Channel,SRVLOC, NDPS, LDAP and NTLMSSP
dissectors could terminate abnormallly.
Impact
======
An attacker might be able to use these vulnerabilities to crash
Ethereal and execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Ethereal users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.11"
References
==========
[ 1 ] Ethereal enpa-sa-00019
http://www.ethereal.com/appnotes/enpa-sa-00019.html
[ 2 ] CAN-2005-1456
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456
[ 3 ] CAN-2005-1457
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457
[ 4 ] CAN-2005-1458
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458
[ 5 ] CAN-2005-1459
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459
[ 6 ] CAN-2005-1460
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460
[ 7 ] CAN-2005-1461
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461
[ 8 ] CAN-2005-1462
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462
[ 9 ] CAN-2005-1463
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463
[ 10 ] CAN-2005-1464
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464
[ 11 ] CAN-2005-1465
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465
[ 12 ] CAN-2005-1466
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466
[ 13 ] CAN-2005-1467
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1467
[ 14 ] CAN-2005-1468
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1468
[ 15 ] CAN-2005-1469
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1469
[ 16 ] CAN-2005-1470
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1470
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
- 漏洞信息
| 16094 | |
| Ethereal ANSI A Dissector Remote Format String | |
| Remote / Network Access, Local / Remote, Context Dependent | Input Manipulation |
| Loss of Integrity | |
| Exploit Unknown | |
- 漏洞描述
| A remote format string handling flaw exists in Ethereal. The ANSI A dissector fails to validate user-supplied input. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
- 时间线
| 2005-05-04 | Unknow |
| Unknow | Unknow |
- 解决方案
| Upgrade to version 0.10.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
- 相关参考
|
三人行,必有我师焉。择其善者而从之,其不善者而改之。