Ethereal Multiple Vulnerabilities

Vulnerability Details

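Vulnerability Summary

Multiple buffer overflow vulnerabilities exist in Ethereal versions 0.8.13 through 0.10.2. Remote attackers can cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors.

Vulnerability Announcement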

The vendor has released version 0.10.3 to address these issues.
SGI have released an advisory (20040402-01-U) and a patch to address these issues in SGI ProPack version 2.3 and 2.4. The vendor has advised that customers apply this patch as soon as possible. Further details regarding obtaining and applying an appropriate patch can be found in the referenced advisory. Patch is linked below.
Gentoo have released an advisory (GLSA 200403-07) and updates to address these issues. Gentoo users are advised to upgrade to current packages by emerging the updated packages as follows:
# emerge sync
# emerge -pv ">=net-analyzer/ethereal-0.10.3"
# emerge ">=net-analyzer/ethereal-0.10.3"
Netwosix Linux has released advisory LNSA-#2004-0007 dealing with these issues. Please see the referenced advisory for more information.
RedHat Enterprise Linux has released advisory RHSA-2004:136-09 dealing with this issue. Please see the referenced advisory for more information and details on obtaining fixes.
RedHat has released advisory RHSA-2004:137-01 dealing with this issue. Please see the referenced advisory for more information and details on obtaining fixes.
Mandrake has released an advisory that includes updates for this issue.
Conectiva has released an advisory CLSA-2004:835 to address these issues. Please see the advisory in web references for more details.
OpenPKG has released advisory OpenPKG-SA-2004.015 and an update dealing with this issue. Please see below for the update, and the referenced advisory for more information.
SGI has released an advisory (20040506-01-U) with Patch 10075 for SGI ProPack 3 to address these and other issues. Please see the referenced advisory for more information.
Debian has released advisory DSA 511-1 to address this issue. It is noted that CAN-2004-0176 partially affects Debian woody and CAN-2004-0367/CAN-2004-0365 do not affect the distribution at all. Please see the attached advisory for more details on obtaining fixes.
RedHat has released a Fedora legacy advisory (FLSA:1840) to address various issues in Ethereal. This advisory fixes these issues in Red Hat Linux 7.3 and 9 running on the i386 architecture. Please see the referenced advisory for more details and information about obtaining fixes.
Ethereal Group Ethereal 0.10

Ethereal Group Ethereal 0.10.1

Ethereal Group Ethereal 0.10.2

Ethereal Group Ethereal 0.8.13

Ethereal Group Ethereal 0.8.14

Ethereal Group Ethereal 0.8.18

Ethereal Group Ethereal 0.8.19

Ethereal Group Ethereal 0.9

Ethereal Group Ethereal 0.9.1

Ethereal Group Ethereal 0.9.10

Ethereal Group Ethereal 0.9.11

Ethereal Group Ethereal 0.9.12

Ethereal Group Ethereal 0.9.13

Ethereal Group Ethereal 0.9.14

Ethereal Group Ethereal 0.9.15

Ethereal Group Ethereal 0.9.16

Ethereal Group Ethereal 0.9.2

References

Source: US-CERT Vulnerability Note: VU#931588
Name: VU#931588
Link: http://www.kb.cert.org/vuls/id/931588

Source: US-CERT Vulnerability Note: VU#864884
Name: VU#864884
Link: http://www.kb.cert.org/vuls/id/864884

Source: US-CERT Vulnerability Note: VU#740188
Name: VU#740188
Link: http://www.kb.cert.org/vuls/id/740188

Source: US-CERT Vulnerability Note: VU#659140
Name: VU#659140
Link: http://www.kb.cert.org/vuls/id/659140

Source: US-CERT Vulnerability Note: VU#644886
Name: VU#644886
Link: http://www.kb.cert.org/vuls/id/644886

Source: US-CERT Vulnerability Note: VU#591820
Name: VU#591820
Link: http://www.kb.cert.org/vuls/id/591820

Source: US-CERT Vulnerability Note: VU#433596
Name: VU#433596
Link: http://www.kb.cert.org/vuls/id/433596

Source: US-CERT Vulnerability Note: VU#125156
Name: VU#125156
Link: http://www.kb.cert.org/vuls/id/125156

Source: US-CERT Vulnerability Note: VU#119876
Name: VU#119876
Link: http://www.kb.cert.org/vuls/id/119876

Source: DEBIAN
Name: DSA-511
Link: http://www.debian.org/security/2004/dsa-511

Source: BUGTRAQ
Name: 20040329 LNSA-#2004-0007: Multiple security problems in Ethereal
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108058005324316&w=2

Source: XF
Name: ethereal-multiple-dissectors-bo(15569)
Link: http://xforce.iss.net/xforce/xfdb/15569

Source: REDHAT
Name: RHSA-2004:137
Link: http://www.redhat.com/support/errata/RHSA-2004-137.html

Source: REDHAT
Name: RHSA-2004:136
Link: http://www.redhat.com/support/errata/RHSA-2004-136.html

Source: www.ethereal.com
Link: http://www.ethereal.com/appnotes/enpa-sa-00013.html

Source: GENTOO
Name: GLSA-200403-07
Link: http://security.gentoo.org/glsa/glsa-200403-07.xml

Source: security.e-matters.de
Link: http://security.e-matters.de/advisories/032004.html

Source: SECUNIA
Name: 11185
Link: http://secunia.com/advisories/11185

Source: OVAL
Name: oval:org.mitre.oval:def:10187
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10187

Source: BUGTRAQ
Name: 20040323 Advisory 03/2004: Multiple (13) Ethereal remote overflows
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108007072215742&w=2

Source: OSVDB
Name: 6893
Link: http://www.osvdb.org/6893

Source: MANDRAKE
Name: MDKSA-2004:024
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:024

Source: BUGTRAQ
Name: 20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108213710306260&w=2

Source: CONECTIVA
Name: CLA-2004:835
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835

Source: US Government Resource: oval:org.mitre.oval:def:887
Name: oval:org.mitre.oval:def:887
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:887

Source: US Government Resource: oval:org.mitre.oval:def:878
Name: oval:org.mitre.oval:def:878
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:878
