Ethereal Multiple Vulnerabilities

Vulnerability Details

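Vulnerability Summary

The dissect_attribute_value_pairs function in packet-radius.c in Ethereal 0.8.13 through 0.10.2 contains a vulnerability. A remote attacker can cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.

Vulnerability Advisory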

The vendor has released version 0.10.3 to address these issues.
SGI have released an advisory (20040402-01-U) and a patch to address these issues in SGI ProPack version 2.3 and 2.4. The vendor has advised that customers apply this patch as soon as possible. Further details regarding obtaining and applying an appropriate patch can be found in the referenced advisory. Patch is linked below.
Gentoo have released an advisory (GLSA 200403-07) and updates to address these issues. Gentoo users are advised to upgrade to current packages by emerging the updated packages as follows:
# emerge sync
# emerge -pv ">=net-analyzer/ethereal-0.10.3"
# emerge ">=net-analyzer/ethereal-0.10.3"
Netwosix Linux has released advisory LNSA-#2004-0007 dealing with these issues. Please see the referenced advisory for more information.
RedHat Enterprise Linux has released advisory RHSA-2004:136-09 dealing with this issue. Please see the referenced advisory for more information and details on obtaining fixes.
RedHat has released advisory RHSA-2004:137-01 dealing with this issue. Please see the referenced advisory for more information and details on obtaining fixes.
Mandrake has released an advisory that includes updates for this issue.
Conectiva has released an advisory CLSA-2004:835 to address these issues. Please see the advisory in web references for more details.
OpenPKG has released advisory OpenPKG-SA-2004.015 and an update dealing with this issue. Please see below for the update, and the referenced advisory for more information.
SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI ProPack 3 to address these and other issues. Please see the referenced advisory for more information.
Debian has released advisory DSA 511-1 to address this issue. It is noted that CAN-2004-0176 partially affects Debian woody and CAN-2004-0367/CAN-2004-0365 do not affect the distribution at all. Please see the attached advisory for more details on obtaining fixes.
RedHat has released a Fedora legacy advisory (FLSA:1840) to address various issues in Ethereal. This advisory fixes these issues in Red Hat Linux 7.3 and 9 running on the i386 architecture. Please see the referenced advisory for more details and information about obtaining fixes.
Ethereal Group Ethereal 0.10

Ethereal Group Ethereal 0.10.1

Ethereal Group Ethereal 0.10.2

Ethereal Group Ethereal 0.8.13

Ethereal Group Ethereal 0.8.14

Ethereal Group Ethereal 0.8.18

Ethereal Group Ethereal 0.8.19

Ethereal Group Ethereal 0.9

Ethereal Group Ethereal 0.9.1

Ethereal Group Ethereal 0.9.10

Ethereal Group Ethereal 0.9.11

Ethereal Group Ethereal 0.9.12

Ethereal Group Ethereal 0.9.13

Ethereal Group Ethereal 0.9.14

Ethereal Group Ethereal 0.9.15

Ethereal Group Ethereal 0.9.16

Ethereal Group Ethereal 0.9.2

References

Source: US-CERT Vulnerability Note: VU#124454
Name: VU#124454
Link: http://www.kb.cert.org/vuls/id/124454

Source: BUGTRAQ
Name: 20040329 LNSA-#2004-0007: Multiple security problems in Ethereal
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108058005324316&w=2

Source: XF
Name: ethereal-radius-dos(15571)
Link: http://xforce.iss.net/xforce/xfdb/15571

Source: REDHAT
Name: RHSA-2004:137
Link: http://www.redhat.com/support/errata/RHSA-2004-137.html

Source: REDHAT
Name: RHSA-2004:136
Link: http://www.redhat.com/support/errata/RHSA-2004-136.html

Source: www.ethereal.com
Link: http://www.ethereal.com/appnotes/enpa-sa-00013.html

Source: GENTOO
Name: GLSA-200403-07
Link: http://security.gentoo.org/glsa/glsa-200403-07.xml

Source: SECUNIA
Name: 11185
Link: http://secunia.com/advisories/11185

Source: OVAL
Name: oval:org.mitre.oval:def:9196
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9196

Source: MLIST
Name: [ethereal-dev] 20040318 ethereal radius dissector vulnerability
Link: http://marc.theaimsgroup.com/?l=ethereal-dev&m=107962966700423&w=2

Source: MANDRAKE
Name: MDKSA-2004:024
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:024

Source: BUGTRAQ
Name: 20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108213710306260&w=2

Source: CONECTIVA
Name: CLA-2004:835
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835

Source: US Government Resource: oval:org.mitre.oval:def:891
Name: oval:org.mitre.oval:def:891
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:891

Source: US Government Resource: oval:org.mitre.oval:def:879
Name: oval:org.mitre.oval:def:879
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:879
