Yellow Dog Linux Security Advisory: YDU-20020606-7
Dan Burcaw
yellowdog-updates@lists.terrasoftsolutions.com
Thu, 6 Jun 2002 20:00:50 -0600 (MDT)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: ethereal
Issue Date: June 06, 2002
Priority: high
Advisory ID: YDU-20020606-7
1. Topic:
Updated ethereal packages are available.
2. Problem:
"Ethereal is a package designed for monitoring network traffic on your
system. Several security issues have been found in Ethereal:
Due to improper string and error handling in Ethereal's ASN.1 parser, it is
possible for a malformed SNMP or LDAP packet to cause a memory allocation
or buffer overrun error in Ethereal versions before 0.9.2 (CAN-2002-0013
CAN-2002-0012)
The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to
cause a denial of service (crash) via a certain malformed packet, which
causes Ethereal to allocate memory incorrectly, possibly due to zero-length
fields. (CAN-2002-0353)
The SMB dissector in Ethereal prior to version 0.9.2 allows remote
attackers to cause a denial of service (crash) or execute arbitrary code
via malformed packets that cause Ethereal to dereference a NULL pointer.
(CAN-2002-0401)
A buffer overflow in X11 dissector in Ethereal before 0.9.3 allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code while Ethereal is parsing keysyms. (CAN-2002-0402)
The DNS dissector in Ethereal before 0.9.3 allows remote attackers to
cause a denial of service (CPU consumption) via a malformed packet
that causes Ethereal to enter an infinite loop. (CAN-2002-0403)
A vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote
attackers to cause a denial of service (memory consumption). (CAN-2002-0404)
Users of Ethereal should update to the errata packages containing Ethereal
version 0.9.4 which is not vulnerable to these issues."
(from Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install ethereal
b) Updating manually...
The update can also be retrieved manually from our ftp site
below along with the rpm command that should be used to install
the update. (Please use a mirror site)
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/ppc/
rpm -Fvh ucd-snmp-*4.2.3-1.7.2.3.ppc.rpm
rpm -Fvh ethereal-*0.9.4-0.7.2.0a.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
eb784e2d9f8131158372204c90068d78 ppc/ethereal-0.9.4-0.7.2.0a.ppc.rpm
d5da4c0d0adcd833773ca54e828e37a7 ppc/ethereal-gnome-0.9.4-0.7.2.0a.ppc.rpm
d791fab4ce42d14f6a703224ec409d06 ppc/ucd-snmp-4.2.3-1.7.2.3.ppc.rpm
f14ffc4f201b45446c0e9fba30ad68d8 ppc/ucd-snmp-devel-4.2.3-1.7.2.3.ppc.rpm
ec9f8cfc60770b58904d5c652aeea854 ppc/ucd-snmp-utils-4.2.3-1.7.2.3.ppc.rpm
d7924b3968cd76707ae4f5f800bab772 SRPMS/ethereal-0.9.4-0.7.2.0a.src.rpm
61b8b985ab201f067235612c387e94e0 SRPMS/ucd-snmp-4.2.3-1.7.2.3.src.rpm
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_2.2/apt-get.shtml