OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12

To: [email protected] [email protected] [email protected]
[email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    SCO Security Advisory

Subject: OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12
Advisory number: CSSA-2003-030.0
Issue date: 2003 November 07
Cross reference: sr883585 fz528203 erg712398 CAN-2003-0428 CAN-2003-0429 CAN-2003-0430
CAN-2003-0431 CAN-2003-0432

1. Problem Description

    Multiple vulnerabilities have reported in Ethereal 0.9.12. 
    
    Ethereal is a freely available network protocol analyzer for 
    Microsoft Windows and multiple Unix-based operating systems. 
    
    Ethereal versions 0.9.12 and earlier are vulnerable to multiple 
    issues. The Vulnerabilities are: 
    
    1. The DCERPC dissector could try to allocate too much memory 
    while trying to decode an NDR string. The Common Vulnerabilities 
    and Exposures project (cve.mitre.org) has assigned the following 
    name CAN-2003-0428 to this issue. 
    
    2. Bad IPv4 or IPv6 prefix lengths could cause an overflow in the 
    OSI dissector. The Common Vulnerabilities and Exposures project 
    (cve.mitre.org) has assigned the following name CAN-2003-0429 to 
    this issue. 
    
    3. The SPNEGO dissector could segfault while parsing an invalid 
    ASN.1 value. The Common Vulnerabilities and Exposures project 
    (cve.mitre.org) has assigned the following name CAN-2003-0430 
    to this issue. 
    
    4. The tvb_get_nstringz0() routine incorrectly handled a zero-
    length buffer size. The Common Vulnerabilities and Exposures 
    project (cve.mitre.org) has assigned the following name 
    CAN-2003-0431 to this issue. 
    
    5. The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI 
    dissectors handled strings improperly. The Common Vulnerabilities 
    and Exposures project (cve.mitre.org) has assigned the following 
    name CAN-2003-0432 to this issue. 
    
    POTENTIAL IMPACT 
    It may be possible to make Ethereal crash or run arbitrary code
    by injecting a purposefully malformed packet onto the wire,
    or by convincing someone to read a malformed packet trace file.
   

2. Vulnerable Supported Versions

    System                          Package
    -------------------------------------------------------------------
    OpenLinux 3.1.1 Server          prior to ethereal-0.9.13-1.i386.rpm
    OpenLinux 3.1.1 Workstation     prior to ethereal-0.9.13-1.i386.rpm
   

3. Solution

    The proper solution is to install the latest packages. Many
    customers find it easier to use the Caldera System Updater, called
    cupdate (or kcupdate under the KDE environment), to update these
    packages rather than downloading and installing them by hand.
   

4. OpenLinux 3.1.1 Server

    4.1 Package Location
   
    ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-030.0/RPMS
   
    4.2 Packages
   
    9c5039a96d35a4bb91cddfa40adb7e2c        ethereal-0.9.13-1.i386.rpm
   
    4.3 Installation
   
    rpm -Fvh ethereal-0.9.13-1.i386.rpm
   
    4.4 Source Package Location
   
    ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-030.0/SRPMS
   
    4.5 Source Packages
   
    991395b4b4bcf0375e7dfe6a09108faf        ethereal-0.9.13-1.src.rpm
   

5. OpenLinux 3.1.1 Workstation

    5.1 Package Location
   
    ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-030.0/RPMS
   
    5.2 Packages
   
    9d87667d906a624fc6e05434187941c1        ethereal-0.9.13-1.i386.rpm
   
    5.3 Installation
   
    rpm -Fvh ethereal-0.9.13-1.i386.rpm
   
    5.4 Source Package Location
   
    ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-030.0/SRPMS
   
    5.5 Source Packages
   
    391d94b691aee0b3194583675c400cd7        ethereal-0.9.13-1.src.rpm
   

6. References

    Specific references for this advisory:
            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0428 
            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0429
            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0430
            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0431
            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0432
   
    SCO security resources:
            http://www.sco.com/support/security/index.html
   
    This security fix closes SCO incidents sr883585 fz528203
    erg712398.
   

7. Disclaimer

    SCO is not responsible for the misuse of any of the information
    we provide on this website and/or through our security
    advisories. Our advisories are a service to our customers intended
    to promote secure installation and use of SCO products.
   

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj+sNhQACgkQbluZssSXDTEZMwCfUH9bcXlH1HwcxpnZp2+wIWvx
CCEAoKkO/by2uLsop7CdEmSE2zvXUY/A
=T8Uu
-----END PGP SIGNATURE-----