Debian DSA-324-1 : ethereal - several vulnerabilities

2004-09-2900:00:00

www.tenable.com

Several of the packet dissectors in ethereal contain string handling bugs which could be exploited using a maliciously crafted packet to cause ethereal to consume excessive amounts of memory, crash, or execute arbitrary code.

These vulnerabilities were announced in the following Ethereal security advisory :

Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the problems described in the advisory, including :

The DCERPC dissector could try to allocate too much memory while trying to decode an NDR string.
Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI dissector.
The tvb_get_nstringz0() routine incorrectly handled a zero-length buffer size.
The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, and ISIS dissectors handled strings improperly.

The following problems do not affect this version :

The SPNEGO dissector could segfault while parsing an invalid ASN.1 value.
The RMI dissector handled strings improperly

as these modules are not present.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-324. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(15161);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2003-0428", "CVE-2003-0429", "CVE-2003-0431", "CVE-2003-0432");
  script_bugtraq_id(7878, 7880, 7881, 7883);
  script_xref(name:"DSA", value:"324");

  script_name(english:"Debian DSA-324-1 : ethereal - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several of the packet dissectors in ethereal contain string handling
bugs which could be exploited using a maliciously crafted packet to
cause ethereal to consume excessive amounts of memory, crash, or
execute arbitrary code.

These vulnerabilities were announced in the following Ethereal
security advisory :

Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the
problems described in the advisory, including :

  - The DCERPC dissector could try to allocate too much
    memory while trying to decode an NDR string.
  - Bad IPv4 or IPv6 prefix lengths could cause an overflow
    in the OSI dissector.

  - The tvb_get_nstringz0() routine incorrectly handled a
    zero-length buffer size.

  - The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, and ISIS
    dissectors handled strings improperly.

The following problems do not affect this version :

  - The SPNEGO dissector could segfault while parsing an
    invalid ASN.1 value.
  - The RMI dissector handled strings improperly

as these modules are not present."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2003/dsa-324"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"For the stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody5.

For the old stable distribution (potato) these problems will be fixed
in a future advisory.

We recommend that you update your ethereal package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ethereal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"ethereal", reference:"0.9.4-1woody5")) flag++;
if (deb_check(release:"3.0", prefix:"ethereal-common", reference:"0.9.4-1woody5")) flag++;
if (deb_check(release:"3.0", prefix:"ethereal-dev", reference:"0.9.4-1woody5")) flag++;
if (deb_check(release:"3.0", prefix:"tethereal", reference:"0.9.4-1woody5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxetherealp-cpe:/a:debian:debian_linux:ethereal
debiandebian_linux3.0cpe:/o:debian:debian_linux:3.0

Vendor	Product	Version	CPE
debian	debian_linux	ethereal	p-cpe:/a:debian:debian_linux:ethereal
debian	debian_linux	3.0	cpe:/o:debian:debian_linux:3.0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0428

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0429

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0431

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0432

www.debian.org/security/2003/dsa-324

JSON

Related for DEBIAN_DSA-324.NASL