CVE-2006-1935
CVSS 5.0
Published: 2006-04-25 08:50:00
Revised: 2011-03-07 21:34:34
NMCOP    

[Original] Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector.


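[CNNVD] Ethereal buffer overflow vulnerability (CNNVD-200604-489)

        A buffer overflow vulnerability exists in Ethereal 0.9.15 through 0.10.14. It allows remote attackers to cause a denial of service and possibly execute arbitrary code via the COPS dissector.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)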

cpe:/a:ethereal_group:ethereal:0.10.8
cpe:/a:ethereal_group:ethereal:0.10.9
cpe:/a:ethereal_group:ethereal:0.9.16
cpe:/a:ethereal_group:ethereal:0.10.6
cpe:/a:ethereal_group:ethereal:0.10.10
cpe:/a:ethereal_group:ethereal:0.10.11
cpe:/a:ethereal_group:ethereal:0.10.1
cpe:/a:ethereal_group:ethereal:0.10.7
cpe:/a:ethereal_group:ethereal:0.10.2
cpe:/a:ethereal_group:ethereal:0.10.13
cpe:/a:ethereal_group:ethereal:0.9.15
cpe:/a:ethereal_group:ethereal:0.10.0
cpe:/a:ethereal_group:ethereal:0.10.4
cpe:/a:ethereal_group:ethereal:0.10.12
cpe:/a:ethereal_group:ethereal:0.10.5
cpe:/a:ethereal_group:ethereal:0.10.0a
cpe:/a:ethereal_group:ethereal:0.10
cpe:/a:ethereal_group:ethereal:0.10.3

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10811 Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1935
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1935
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-489
(official data source) CNNVD

- Other links and resources

http://www.ethereal.com/appnotes/enpa-sa-00023.html
(PATCH)  CONFIRM  http://www.ethereal.com/appnotes/enpa-sa-00023.html
http://www.vupen.com/english/advisories/2006/1501
(UNKNOWN)  VUPEN  ADV-2006-1501
http://xforce.iss.net/xforce/xfdb/26013
(UNKNOWN)  XF  ethereal-cops-dissector-bo(26013)
http://www.securityfocus.com/bid/17682
(UNKNOWN)  BID  17682
http://www.redhat.com/support/errata/RHSA-2006-0420.html
(UNKNOWN)  REDHAT  RHSA-2006:0420
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html
(UNKNOWN)  FEDORA  FEDORA-2006-461
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html
(UNKNOWN)  FEDORA  FEDORA-2006-456
http://www.mandriva.com/security/advisories?name=MDKSA-2006:077
(UNKNOWN)  MANDRIVA  MDKSA-2006:077
http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml
(UNKNOWN)  GENTOO  GLSA-200604-17
http://www.debian.org/security/2006/dsa-1049
(UNKNOWN)  DEBIAN  DSA-1049
http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm
http://securitytracker.com/id?1015985
(UNKNOWN)  SECTRACK  1015985
http://secunia.com/advisories/20944
(UNKNOWN)  SECUNIA  20944
http://secunia.com/advisories/20210
(UNKNOWN)  SECUNIA  20210
http://secunia.com/advisories/20117
(UNKNOWN)  SECUNIA  20117
http://secunia.com/advisories/19962
(UNKNOWN)  SECUNIA  19962
http://secunia.com/advisories/19958
(UNKNOWN)  SECUNIA  19958
http://secunia.com/advisories/19839
(UNKNOWN)  SECUNIA  19839
http://secunia.com/advisories/19828
(UNKNOWN)  SECUNIA  19828
http://secunia.com/advisories/19805
(UNKNOWN)  SECUNIA  19805
http://secunia.com/advisories/19769
(UNKNOWN)  SECUNIA  19769
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
(UNKNOWN)  SUSE  SUSE-SR:2006:010
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
(UNKNOWN)  SGI  20060501-01-U

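- Vulnerability information

Ethereal buffer overflow vulnerability
Medium risk  Buffer overflow
2006-04-25 00:00:00 2006-04-26 00:00:00
Remote
        A buffer overflow vulnerability exists in Ethereal 0.9.15 through 0.10.14. It allows remote attackers to cause a denial of service and possibly execute arbitrary code via the COPS dissector.

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download links:
        Ethereal Group Ethereal 0.10.10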
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.1
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.11
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        RedHat ethereal-0.99.0-fc4.1.i386.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-0.99.0-fc4.1.ppc.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-0.99.0-fc4.1.src.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-0.99.0-fc4.1.x86_64.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-debuginfo-0.99.0-fc4.1.i386.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-debuginfo-0.99.0-fc4.1.ppc.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-debuginfo-0.99.0-fc4.1.x86_64.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-gnome-0.99.0-fc4.1.i386.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-gnome-0.99.0-fc4.1.ppc.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-gnome-0.99.0-fc4.1.x86_64.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        Ethereal Group Ethereal 0.10.13
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.2
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.3
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.4
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.5
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.6
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.7
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.8
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.9
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.8.5
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        

- Vulnerability information (F46049)

Debian Linux Security Advisory 1049-1 (PacketStormID:F46049)
2006-05-05 00:00:00
Debian  debian.org
advisory,vulnerability
linux,debian
CVE-2006-1932,CVE-2006-1933,CVE-2006-1934,CVE-2006-1935,CVE-2006-1936,CVE-2006-1937,CVE-2006-1938,CVE-2006-1939,CVE-2006-1940

Debian Security Advisory 1049-1 - Gerald Combs reported several vulnerabilities in ethereal, a popular network traffic analyser.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1049-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 2nd, 2006                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-1932 CVE-2006-1933 CVE-2006-1934 CVE-2006-1935
                 CVE-2006-1936 CVE-2006-1937 CVE-2006-1938 CVE-2006-1939
                 CVE-2006-1940
BugTraq ID     : 17682

Gerald Combs reported several vulnerabilities in ethereal, a popular
network traffic analyser.  The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2006-1932

    The OID printing routine is susceptible to an off-by-one error.

CVE-2006-1933

     The UMA and BER dissectors could go into an infinite loop.

CVE-2006-1934

    The Network Instruments file code could overrun a buffer.

CVE-2006-1935

    The COPS dissector contains a potential buffer overflow.

CVE-2006-1936

    The telnet dissector contains a buffer overflow.

CVE-2006-1937

    Bugs in the SRVLOC and AIM dissector, and in the statistics
    counter could crash ethereal.

CVE-2006-1938

    Null pointer dereferences in the SMB PIPE dissector and when
    reading a malformed Sniffer capture could crash ethereal.

CVE-2006-1939

    Null pointer dereferences in the ASN.1, GSM SMS, RPC and
    ASN.1-based dissector and an invalid display filter could crash
    ethereal.

CVE-2006-1940

    The SNDCP dissector could cause an unintended abortion.

For the old stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody15.

For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge5.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your ethereal packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    

- Vulnerability information

24931
Ethereal COPS Dissector Overflow
Remote / Network Access Input Manipulation
Loss of Integrity, Loss of Availability Upgrade
Exploit Unknown Vendor Verified

- Vulnerability description

A remote overflow exists in Ethereal. Ethereal fails to properly handle an unspecified issue relating to the COPS dissector resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service and execute arbitrary code resulting in a loss of integrity, and/or availability.

- Timeline

2006-04-24 Unknown
Unknown 2006-04-25

- Solution

Upgrade to version 0.99.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
