CVE-2006-1937
CVSS 5.0
Published: 2006-04-25 08:50:00
Revised: 2011-09-06 00:00:00

[Original] Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.


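[CNNVD] Ethereal multiple unspecified vulnerabilities (CNNVD-200604-494)

        Ethereal 0.10.x through 0.10.14 contains multiple unspecified vulnerabilities. These allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, (6) the general packet dissectors, and (7) the statistics counter.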

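- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: NETWORK [the attacker does not need intranet or local access]
Authentication: NONE [exploitation requires no authentication]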

- CPE (affected platforms and products)

cpe:/a:ethereal_group:ethereal:0.10.8
cpe:/a:ethereal_group:ethereal:0.10.9
cpe:/a:ethereal_group:ethereal:0.10.6
cpe:/a:ethereal_group:ethereal:0.10.10
cpe:/a:ethereal_group:ethereal:0.10.11
cpe:/a:ethereal_group:ethereal:0.10.1
cpe:/a:ethereal_group:ethereal:0.10.7
cpe:/a:ethereal_group:ethereal:0.10.2
cpe:/a:ethereal_group:ethereal:0.10.13
cpe:/a:ethereal_group:ethereal:0.10.0
cpe:/a:ethereal_group:ethereal:0.10.4
cpe:/a:ethereal_group:ethereal:0.10.12
cpe:/a:ethereal_group:ethereal:0.10.5
cpe:/a:ethereal_group:ethereal:0.10.0a
cpe:/a:ethereal_group:ethereal:0.10
cpe:/a:ethereal_group:ethereal:0.10.3

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10323 Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null d...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1937
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1937
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-494
(official data source) CNNVD

- Other links and resources

http://www.ethereal.com/appnotes/enpa-sa-00023.html
(PATCH)  CONFIRM  http://www.ethereal.com/appnotes/enpa-sa-00023.html
http://xforce.iss.net/xforce/xfdb/26031
(UNKNOWN)  XF  ethereal-h248-dos(26031)
http://xforce.iss.net/xforce/xfdb/26019
(UNKNOWN)  XF  ethereal-aim-dos(26019)
http://xforce.iss.net/xforce/xfdb/26018
(UNKNOWN)  XF  ethereal-general-dissector-dos(26018)
http://xforce.iss.net/xforce/xfdb/26015
(UNKNOWN)  XF  ethereal-statistics-counter-dos(26015)
http://xforce.iss.net/xforce/xfdb/26011
(UNKNOWN)  XF  ethereal-h245-dos(26011)
http://xforce.iss.net/xforce/xfdb/26010
(UNKNOWN)  XF  ethereal-srvloc-dos(26010)
http://xforce.iss.net/xforce/xfdb/26009
(UNKNOWN)  XF  ethereal-x509if-dissector-dos(26009)
http://xforce.iss.net/xforce/xfdb/26007
(UNKNOWN)  XF  ethereal-h248-dissector-dos(26007)
http://www.vupen.com/english/advisories/2006/1501
(VENDOR_ADVISORY)  VUPEN  ADV-2006-1501
http://www.securityfocus.com/bid/17682
(UNKNOWN)  BID  17682
http://www.redhat.com/support/errata/RHSA-2006-0420.html
(UNKNOWN)  REDHAT  RHSA-2006:0420
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html
(UNKNOWN)  FEDORA  FEDORA-2006-461
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html
(UNKNOWN)  FEDORA  FEDORA-2006-456
http://www.mandriva.com/security/advisories?name=MDKSA-2006:077
(UNKNOWN)  MANDRIVA  MDKSA-2006:077
http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml
(UNKNOWN)  GENTOO  GLSA-200604-17
http://www.debian.org/security/2006/dsa-1049
(UNKNOWN)  DEBIAN  DSA-1049
http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm
http://securitytracker.com/id?1015985
(UNKNOWN)  SECTRACK  1015985
http://secunia.com/advisories/20944
(VENDOR_ADVISORY)  SECUNIA  20944
http://secunia.com/advisories/20210
(VENDOR_ADVISORY)  SECUNIA  20210
http://secunia.com/advisories/20117
(VENDOR_ADVISORY)  SECUNIA  20117
http://secunia.com/advisories/19962
(VENDOR_ADVISORY)  SECUNIA  19962
http://secunia.com/advisories/19958
(VENDOR_ADVISORY)  SECUNIA  19958
http://secunia.com/advisories/19839
(VENDOR_ADVISORY)  SECUNIA  19839
http://secunia.com/advisories/19828
(VENDOR_ADVISORY)  SECUNIA  19828
http://secunia.com/advisories/19805
(VENDOR_ADVISORY)  SECUNIA  19805
http://secunia.com/advisories/19769
(VENDOR_ADVISORY)  SECUNIA  19769
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
(UNKNOWN)  SUSE  SUSE-SR:2006:010
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
(UNKNOWN)  SGI  20060501-01-U

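- Vulnerability information

Ethereal multiple unspecified vulnerabilities
Medium risk  Insufficient information
2006-04-25 00:00:00 2007-08-13 00:00:00
Remote
        Ethereal 0.10.x through 0.10.14 contains multiple unspecified vulnerabilities. These allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, (6) the general packet dissectors, and (7) the statistics counter.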

- Advisories and patches

        The vendor has released upgrade patches to fix this security issue. Patch download links:
        Ethereal Group Ethereal 0.10.10
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.1
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.11
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        RedHat ethereal-0.99.0-fc4.1.i386.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-0.99.0-fc4.1.ppc.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-0.99.0-fc4.1.src.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-0.99.0-fc4.1.x86_64.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-debuginfo-0.99.0-fc4.1.i386.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-debuginfo-0.99.0-fc4.1.ppc.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-debuginfo-0.99.0-fc4.1.x86_64.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-gnome-0.99.0-fc4.1.i386.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-gnome-0.99.0-fc4.1.ppc.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        RedHat ethereal-gnome-0.99.0-fc4.1.x86_64.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
        Ethereal Group Ethereal 0.10.13
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.2
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.3
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.4
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.5
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.6
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.7
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.8
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.10.9
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        Ethereal Group Ethereal 0.8.5
        Ethereal Group Ethereal 0.99.0
        http://www.ethereal.com/download.html
        

- Vulnerability information (F46049)

Debian Linux Security Advisory 1049-1 (PacketStormID:F46049)
2006-05-05 00:00:00
Debian  debian.org
advisory,vulnerability
linux,debian
CVE-2006-1932,CVE-2006-1933,CVE-2006-1934,CVE-2006-1935,CVE-2006-1936,CVE-2006-1937,CVE-2006-1938,CVE-2006-1939,CVE-2006-1940

Debian Security Advisory 1049-1 - Gerald Combs reported several vulnerabilities in ethereal, a popular network traffic analyser.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1049-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 2nd, 2006                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ethereal
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-1932 CVE-2006-1933 CVE-2006-1934 CVE-2006-1935
                 CVE-2006-1936 CVE-2006-1937 CVE-2006-1938 CVE-2006-1939
                 CVE-2006-1940
BugTraq ID     : 17682

Gerald Combs reported several vulnerabilities in ethereal, a popular
network traffic analyser.  The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2006-1932

    The OID printing routine is susceptible to an off-by-one error.

CVE-2006-1933

    The UMA and BER dissectors could go into an infinite loop.

CVE-2006-1934

    The Network Instruments file code could overrun a buffer.

CVE-2006-1935

    The COPS dissector contains a potential buffer overflow.

CVE-2006-1936

    The telnet dissector contains a buffer overflow.

CVE-2006-1937

    Bugs in the SRVLOC and AIM dissector, and in the statistics
    counter could crash ethereal.

CVE-2006-1938

    Null pointer dereferences in the SMB PIPE dissector and when
    reading a malformed Sniffer capture could crash ethereal.

CVE-2006-1939

    Null pointer dereferences in the ASN.1, GSM SMS, RPC and
    ASN.1-based dissector and an invalid display filter could crash
    ethereal.

CVE-2006-1940

    The SNDCP dissector could cause an unintended abortion.

For the old stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody15.

For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge5.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your ethereal packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------


Debian GNU/Linux 3.1 alias sarge
- --------------------------------



  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEVxJQW5ql+IAeqTIRAoS2AJ9H/QhXBjTO5K1KPwijhAwBVBE2WACdFz/X
lkSYmodsoONReuRtFGB9Jdg=
=y0oD
-----END PGP SIGNATURE-----

    

- Vulnerability information

24906
Ethereal Statistics Counter Unspecified DoS
Remote / Network Access Denial of Service
Loss of Availability Upgrade
Exploit Unknown Vendor Verified

- Vulnerability description

Ethereal contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified issue with the statistics counter occurs, and will result in loss of availability for the service.

- Timeline

2006-04-24 Unknown
Unknown 2006-04-25

- Solution

Upgrade to version 0.99.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.99.0
Unknown 17682
Yes No
2006-04-24 12:00:00 2007-01-25 04:14:00
Coverity discovered some issues. The vendor also disclosed other issues.

- Affected program versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI ProPack 3.0 SP6
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core5
Red Hat Fedora Core4
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Gentoo Linux
Ethereal Group Ethereal 0.10.14
Ethereal Group Ethereal 0.10.13
Ethereal Group Ethereal 0.10.12
Ethereal Group Ethereal 0.10.11
Ethereal Group Ethereal 0.10.9
+ Gentoo Linux
Ethereal Group Ethereal 0.10.8
Ethereal Group Ethereal 0.10.7
Ethereal Group Ethereal 0.10.6
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Ethereal Group Ethereal 0.10.5
Ethereal Group Ethereal 0.10.4
Ethereal Group Ethereal 0.10.3
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0
Ethereal Group Ethereal 0.10.2
Ethereal Group Ethereal 0.10.1
Ethereal Group Ethereal 0.10.10
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Ethereal Group Ethereal 0.10
Ethereal Group Ethereal 0.9.16
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
Ethereal Group Ethereal 0.9.15
Ethereal Group Ethereal 0.9.14
Ethereal Group Ethereal 0.9.13
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Fedora Core1
Ethereal Group Ethereal 0.9.12
Ethereal Group Ethereal 0.9.11
Ethereal Group Ethereal 0.9.10
Ethereal Group Ethereal 0.9.9
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Ethereal Group Ethereal 0.9.8
Ethereal Group Ethereal 0.9.7
Ethereal Group Ethereal 0.9.6
Ethereal Group Ethereal 0.9.5
Ethereal Group Ethereal 0.9.4
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
Ethereal Group Ethereal 0.9.3
Ethereal Group Ethereal 0.9.2
Ethereal Group Ethereal 0.9.1
- Compaq Tru64 5.0
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- HP HP-UX 11.0
- IBM AIX 5.1
- Linux kernel 2.4
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0
- NetBSD NetBSD 1.5
- OpenBSD OpenSSH 3.0
- SCO Unixware 7.0
- SGI IRIX 6.0
- Sun Solaris 8_sparc
Ethereal Group Ethereal 0.9
Ethereal Group Ethereal 0.8.5
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Converged Communications Server 2.0
Ethereal Group Ethereal 0.99

- Unaffected program versions

Ethereal Group Ethereal 0.99

- Vulnerability discussion

The vendor has disclosed several vulnerabilities in Ethereal. The reported issues are in various protocol dissectors. These issues include:

- Buffer-overflow vulnerabilities
- Denial-of-service vulnerabilities
- Infinite loop denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities
- Off-by-one overflow vulnerabilities

These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application.

Various vulnerabilities affect different versions of Ethereal, from 0.8.5 through to 0.10.14.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

The vendor has released an advisory along with version 0.99.0 of Ethereal to address these issues.

Please see the referenced advisories for more information.


Ethereal Group Ethereal 0.10.10

Ethereal Group Ethereal 0.10

Ethereal Group Ethereal 0.10.1

Ethereal Group Ethereal 0.10.11

Ethereal Group Ethereal 0.10.13

Ethereal Group Ethereal 0.10.2

Ethereal Group Ethereal 0.10.3

Ethereal Group Ethereal 0.10.4

Ethereal Group Ethereal 0.10.5

Ethereal Group Ethereal 0.10.6

Ethereal Group Ethereal 0.10.7

Ethereal Group Ethereal 0.10.8

Ethereal Group Ethereal 0.10.9

Ethereal Group Ethereal 0.8.5

Ethereal Group Ethereal 0.9

Ethereal Group Ethereal 0.9.1

Ethereal Group Ethereal 0.9.11

Ethereal Group Ethereal 0.9.12

Ethereal Group Ethereal 0.9.13

Ethereal Group Ethereal 0.9.15

Ethereal Group Ethereal 0.9.16

Ethereal Group Ethereal 0.9.4

Ethereal Group Ethereal 0.9.5

Ethereal Group Ethereal 0.9.7

Ethereal Group Ethereal 0.9.9

- Related references
