CVE-2005-1463
CVSS 7.5
Published: 2005-05-05 00:00:00
Last revised: 2010-08-21 00:28:54

[Original] Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.


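[CNNVD] Multiple vulnerabilities in Ethereal protocol dissector modules (CNNVD-200505-913)

        Ethereal is a very popular network protocol analyzer.
        The Ethereal vendor reported multiple vulnerabilities in various protocol dissector modules, including:
         - Buffer overflow vulnerabilities
         - Format string vulnerabilities
         - Null pointer dereference denial-of-service vulnerabilities
         - Segmentation fault denial-of-service vulnerabilities
         - Infinite loop vulnerabilities
         - Memory exhaustion denial-of-service vulnerabilities
         - Double free vulnerabilities
         - Unspecified denial-of-service vulnerabilities
        These vulnerabilities may allow remote attackers to execute arbitrary code or crash the affected application.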
        

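- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)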

cpe:/a:ethereal_group:ethereal:0.10.8
cpe:/a:ethereal_group:ethereal:0.9.8
cpe:/a:ethereal_group:ethereal:0.10.9
cpe:/a:ethereal_group:ethereal:0.9
cpe:/a:ethereal_group:ethereal:0.9.11
cpe:/a:ethereal_group:ethereal:0.9.16
cpe:/a:ethereal_group:ethereal:0.9.2
cpe:/a:ethereal_group:ethereal:0.9.4
cpe:/a:ethereal_group:ethereal:0.9.5
cpe:/a:ethereal_group:ethereal:0.10.10
cpe:/a:ethereal_group:ethereal:0.8.14
cpe:/a:ethereal_group:ethereal:0.10.1
cpe:/a:ethereal_group:ethereal:0.10.7
cpe:/a:ethereal_group:ethereal:0.10.2
cpe:/a:ethereal_group:ethereal:0.9.12
cpe:/a:ethereal_group:ethereal:0.8
cpe:/a:ethereal_group:ethereal:0.9.15
cpe:/a:ethereal_group:ethereal:0.9.3
cpe:/a:ethereal_group:ethereal:0.10.4
cpe:/a:ethereal_group:ethereal:0.8.15
cpe:/a:ethereal_group:ethereal:0.10.5
cpe:/a:ethereal_group:ethereal:0.10.3
cpe:/a:ethereal_group:ethereal:0.9.7
cpe:/a:ethereal_group:ethereal:0.9.9
cpe:/a:ethereal_group:ethereal:0.9.14
cpe:/a:ethereal_group:ethereal:0.9.10
cpe:/a:ethereal_group:ethereal:0.10.6
cpe:/a:ethereal_group:ethereal:0.9.13
cpe:/a:ethereal_group:ethereal:0.8.18
cpe:/a:ethereal_group:ethereal:0.8.13
cpe:/a:ethereal_group:ethereal:0.9.1
cpe:/a:ethereal_group:ethereal:0.8.19
cpe:/a:ethereal_group:ethereal:0.9.6
cpe:/a:ethereal_group:ethereal:0.10

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10713
Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to ex...
*OVAL describes in detail how to detect this vulnerability; you can find more technical detail on detecting it in the relevant OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1463
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1463
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-913
(Official data source) CNNVD

- Other links and resources

http://www.ethereal.com/news/item_20050504_01.html
(VENDOR_ADVISORY)  CONFIRM  http://www.ethereal.com/news/item_20050504_01.html
http://www.ethereal.com/appnotes/enpa-sa-00019.html
(VENDOR_ADVISORY)  CONFIRM  http://www.ethereal.com/appnotes/enpa-sa-00019.html
http://www.securityfocus.com/bid/13504
(UNKNOWN)  BID  13504
http://www.redhat.com/support/errata/RHSA-2005-427.html
(UNKNOWN)  REDHAT  RHSA-2005:427
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
(UNKNOWN)  FEDORA  FLSA-2006:152922
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963
(UNKNOWN)  CONECTIVA  CLSA-2005:963

- Vulnerability information

Multiple vulnerabilities in Ethereal protocol dissector modules
High risk  Format string
2005-05-05 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:
        http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
        http://security.gentoo.org/glsa/glsa-200505-03.xml

- Vulnerability information (F38410)

Gentoo Linux Security Advisory 200505-3 (PacketStormID:F38410)
2005-07-02 00:00:00
Gentoo  security.gentoo.org
advisory,arbitrary,vulnerability
linux,gentoo
CVE-2005-1456,CVE-2005-1457,CVE-2005-1458,CVE-2005-1459,CVE-2005-1460,CVE-2005-1461,CVE-2005-1462,CVE-2005-1463,CVE-2005-1464,CVE-2005-1465,CVE-2005-1466,CVE-2005-1467,CVE-2005-1468,CVE-2005-1469,CVE-2005-1470

Gentoo Linux Security Advisory GLSA 200505-03 - Ethereal is vulnerable to numerous vulnerabilities potentially resulting in the execution of arbitrary code or abnormal termination. Versions less than 0.10.11 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200505-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Ethereal: Numerous vulnerabilities
      Date: May 06, 2005
      Bugs: #90539
        ID: 200505-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Ethereal is vulnerable to numerous vulnerabilities potentially
resulting in the execution of arbitrary code or abnormal termination.

Background
==========

Ethereal is a feature rich network protocol analyzer.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/ethereal      < 0.10.11                   >= 0.10.11

Description
===========

There are numerous vulnerabilities in versions of Ethereal prior to
0.10.11, including:

* The ANSI A and DHCP dissectors are vulnerable to format string
  vulnerabilities.

* The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP,
  PKIX1Explicit, PKIX Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP
  and Presentation dissectors are vulnerable to buffer overflows.

* The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB
  NETLOGON dissectors are vulnerable to pointer handling errors.

* The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and
  L2TP dissectors are vulnerable to looping problems.

* The Telnet and DHCP dissectors could abort.

* The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause a
  segmentation fault.

* The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2,
  RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw assertions.

* The DICOM, NDPS and ICEP dissectors are vulnerable to memory
  handling errors.

* The GSM MAP, AIM, Fibre Channel, SRVLOC, NDPS, LDAP and NTLMSSP
  dissectors could terminate abnormally.

Impact
======

An attacker might be able to use these vulnerabilities to crash
Ethereal and execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ethereal users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.11"

References
==========

  [ 1 ] Ethereal enpa-sa-00019
        http://www.ethereal.com/appnotes/enpa-sa-00019.html
  [ 2 ] CAN-2005-1456
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456
  [ 3 ] CAN-2005-1457
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457
  [ 4 ] CAN-2005-1458
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458
  [ 5 ] CAN-2005-1459
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459
  [ 6 ] CAN-2005-1460
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460
  [ 7 ] CAN-2005-1461
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461
  [ 8 ] CAN-2005-1462
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462
  [ 9 ] CAN-2005-1463
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463
  [ 10 ] CAN-2005-1464
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464
  [ 11 ] CAN-2005-1465
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465
  [ 12 ] CAN-2005-1466
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466
  [ 13 ] CAN-2005-1467
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1467
  [ 14 ] CAN-2005-1468
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1468
  [ 15 ] CAN-2005-1469
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1469
  [ 16 ] CAN-2005-1470
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1470

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability information

16094
Ethereal ANSI A Dissector Remote Format String
Remote / Network Access, Local / Remote, Context Dependent Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

A remote format string handling flaw exists in Ethereal. The ANSI A dissector fails to validate user-supplied input. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2005-05-04 Unknown
Unknown Unknown

- Solution

Upgrade to version 0.10.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author
