Ethereal Multiple Remote Protocol Dissector Vulnerabilities
BID:13504
Info
Ethereal Multiple Remote Protocol Dissector Vulnerabilities
| Bugtraq ID: | 13504 |
| Class: | Design Error |
| CVE: |
CVE-2005-1456 CVE-2005-1457 CVE-2005-1458 CVE-2005-1459 CVE-2005-1460 CVE-2005-1461 CVE-2005-1462 CVE-2005-1463 CVE-2005-1464 CVE-2005-1465 CVE-2005-1466 CVE-2005-1467 CVE-2005-1468 CVE-2005-1469 CVE-2005-1470 |
| Remote: | Yes |
| Local: | No |
| Published: | May 05 2005 12:00AM |
| Updated: | Feb 27 2007 07:36PM |
| Credit: | These issues were disclosed by the vendor. The following people discovered various vulnerabilities: Bryan Fulton, Ilja van Sprundel, Neil Kettle, and Ejovi Nuwere |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 7 SuSE Linux Openexchange Server SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 SuSE Linux 7.3 sparc SuSE Linux 7.3 ppc SuSE Linux 7.3 i386 SuSE Linux 7.3 SuSE Linux 7.2 i386 SuSE Linux 7.2 SuSE Linux 7.1 x86 SuSE Linux 7.1 sparc SuSE Linux 7.1 ppc SuSE Linux 7.1 alpha SuSE Linux 7.1 SuSE Linux 7.0 sparc SuSE Linux 7.0 ppc SuSE Linux 7.0 i386 SuSE Linux 7.0 alpha SuSE Linux 7.0 SuSE Linux 6.4 ppc SuSE Linux 6.4 i386 SuSE Linux 6.4 alpha SuSE Linux 6.4 SuSE Linux 6.3 ppc SuSE Linux 6.3 alpha SuSE Linux 6.3 SuSE Linux 6.2 SuSE Linux 6.1 alpha SuSE Linux 6.1 SuSE Linux 6.0 SuSE Linux 5.3 SuSE Linux 5.2 SuSE Linux 5.1 SuSE Linux 5.0 SuSE Linux 4.4.1 SuSE Linux 4.4 SuSE Linux 4.3 SuSE Linux 4.2 SuSE Linux 4.0 SuSE Linux 3.0 SuSE Linux 2.0 SuSE Linux 1.0 SGI ProPack 3.0 SGI ProPack 2.4 SGI Advanced Linux Environment 3.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SuSE eMail Server III S.u.S.E. SuSE eMail Server 3.1 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Professional 7.3 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Office Server S.u.S.E. Linux IMAP Server 1.0 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Database Server 0 S.u.S.E. Linux Connectivity Server Redhat Linux 9.0 i386 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Ethereal Group Ethereal 0.10.9 Ethereal Group Ethereal 0.10.8 Ethereal Group Ethereal 0.10.7 Ethereal Group Ethereal 0.10.6 Ethereal Group Ethereal 0.10.5 Ethereal Group Ethereal 0.10.4 Ethereal Group Ethereal 0.10.3 Ethereal Group Ethereal 0.10.2 Ethereal Group Ethereal 0.10.1 Ethereal Group Ethereal 0.10 .10 Ethereal Group Ethereal 0.10 Ethereal Group Ethereal 0.9.16 Ethereal Group Ethereal 0.9.15 Ethereal Group Ethereal 0.9.14 Ethereal Group Ethereal 0.9.13 Ethereal Group Ethereal 0.9.12 Ethereal Group Ethereal 0.9.11 Ethereal Group Ethereal 0.9.10 Ethereal Group Ethereal 0.9.9 Ethereal Group Ethereal 0.9.8 Ethereal Group Ethereal 0.9.7 Ethereal Group Ethereal 0.9.6 Ethereal Group Ethereal 0.9.5 Ethereal Group Ethereal 0.9.4 Ethereal Group Ethereal 0.9.3 Ethereal Group Ethereal 0.9.2 Ethereal Group Ethereal 0.9.1 Ethereal Group Ethereal 0.9 Ethereal Group Ethereal 0.8.19 Ethereal Group Ethereal 0.8.18 Ethereal Group Ethereal 0.8.15 Ethereal Group Ethereal 0.8.14 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya Converged Communications Server 2.0 |
| Not Vulnerable: |
Ethereal Group Ethereal 0.10.11 Ethereal Group Ethereal 0.10.4 |
Discussion
Ethereal Multiple Remote Protocol Dissector Vulnerabilities
Many vulnerabilities in Ethereal have been disclosed by the vendor. The reported issues are in various protocol dissectors.
These issues include:
- Buffer-overflow vulnerabilities
- Format-string vulnerabilities
- NULL-pointer dereference denial-of-service vulnerabilities
- Segmentation fault denial-of-service vulnerabilities
- Infinite-loop denial-of-service vulnerabilities
- Memory exhaustion denial-of-service vulnerabilities
- Double-free vulnerabilities
- Unspecified denial-of-service vulnerabilities
These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application.
Various vulnerabilities affect several versions of Ethereal, from 0.8.14 through to 0.10.10.
This BID will be split into individual BIDs for each separate issue.
BID 13567 has been created for the DISTCC issue.
Many vulnerabilities in Ethereal have been disclosed by the vendor. The reported issues are in various protocol dissectors.
These issues include:
- Buffer-overflow vulnerabilities
- Format-string vulnerabilities
- NULL-pointer dereference denial-of-service vulnerabilities
- Segmentation fault denial-of-service vulnerabilities
- Infinite-loop denial-of-service vulnerabilities
- Memory exhaustion denial-of-service vulnerabilities
- Double-free vulnerabilities
- Unspecified denial-of-service vulnerabilities
These issues could allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Attackers could also crash the affected application.
Various vulnerabilities affect several versions of Ethereal, from 0.8.14 through to 0.10.10.
This BID will be split into individual BIDs for each separate issue.
BID 13567 has been created for the DISTCC issue.
Exploit / POC
Ethereal Multiple Remote Protocol Dissector Vulnerabilities
Nicob <[email protected]> provides the 'ethereal-SMB-DoS.c' proof-of-concept exploit for the SMB dissector issue.
Shaun Colley <[email protected]> provides the 'ethereal-sip-dos.c' proof-of-concept exploit for the SIP issue.
Team W00dp3ck3r provides the 'tethereal_sip.c' proof-of-concept exploit, also for the SIP issue.
Nicob <[email protected]> provides the 'ethereal-SMB-DoS.c' proof-of-concept exploit for the SMB dissector issue.
Shaun Colley <[email protected]> provides the 'ethereal-sip-dos.c' proof-of-concept exploit for the SIP issue.
Team W00dp3ck3r provides the 'tethereal_sip.c' proof-of-concept exploit, also for the SIP issue.
Solution / Fix
Ethereal Multiple Remote Protocol Dissector Vulnerabilities
Solution:
The vendor has released Ethereal version 0.10.11 to address these vulnerabilities.
Please see the referenced advisories for more information.
Ethereal Group Ethereal 0.10 .10
Ethereal Group Ethereal 0.10
Ethereal Group Ethereal 0.10.1
Ethereal Group Ethereal 0.10.2
Ethereal Group Ethereal 0.10.3
Ethereal Group Ethereal 0.10.4
Ethereal Group Ethereal 0.10.5
Ethereal Group Ethereal 0.10.6
Ethereal Group Ethereal 0.10.7
Ethereal Group Ethereal 0.10.8
Ethereal Group Ethereal 0.10.9
Ethereal Group Ethereal 0.8.15
Ethereal Group Ethereal 0.8.18
Ethereal Group Ethereal 0.8.19
Ethereal Group Ethereal 0.9
Ethereal Group Ethereal 0.9.11
Ethereal Group Ethereal 0.9.13
Ethereal Group Ethereal 0.9.16
Ethereal Group Ethereal 0.9.2
Ethereal Group Ethereal 0.9.3
Ethereal Group Ethereal 0.9.4
Ethereal Group Ethereal 0.9.6
Ethereal Group Ethereal 0.9.7
Ethereal Group Ethereal 0.9.9
SGI ProPack 3.0
Solution:
The vendor has released Ethereal version 0.10.11 to address these vulnerabilities.
Please see the referenced advisories for more information.
Ethereal Group Ethereal 0.10 .10
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.1
-
Ethereal Group Ethereal 0.10.4
http://www.ethereal.com/download.html -
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.2
-
Ethereal Group Ethereal 0.10.4
http://www.ethereal.com/download.html -
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.3
-
Ethereal Group Ethereal 0.10.4
http://www.ethereal.com/download.html -
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz -
Fedora Legacy ethereal-0.10.13-1.FC2.2.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/ethereal-0.10.1 3-1.FC2.2.legacy.i386.rpm -
Fedora Legacy ethereal-gnome-0.10.13-1.FC2.2.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/ethereal-gnome- 0.10.13-1.FC2.2.legacy.i386.rpm -
RedHat ethereal-0.10.3-0.1.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /ethereal-0.10.3-0.1.1.i386.rpm -
RedHat ethereal-0.10.3-0.1.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/ethereal-0.10.3-0.1.1.x86_64.rpm -
RedHat ethereal-0.10.3-0.73.3.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10 .3-0.73.3.legacy.i386.rpm -
RedHat ethereal-0.10.3-0.90.4.legacy.i386.rpm
RedHat Linux 9
http://download.fedoralegacy.org/redhat/9/updates/i386/ethereal-0.10.3 -0.90.4.legacy.i386.rpm -
RedHat ethereal-0.10.3-2.2.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386 /ethereal-0.10.3-2.2.i386.rpm -
RedHat ethereal-0.10.3-2.2.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_ 64/ethereal-0.10.3-2.2.x86_64.rpm -
RedHat ethereal-debuginfo-0.10.3-0.1.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/ethereal-debuginfo-0.10.3-0.1.1.i386.rpm -
RedHat ethereal-debuginfo-0.10.3-0.1.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/debug/ethereal-debuginfo-0.10.3-0.1.1.x86_64.rpm -
RedHat ethereal-debuginfo-0.10.3-2.2.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386 /debug/ethereal-debuginfo-0.10.3-2.2.i386.rpm -
RedHat ethereal-gnome-0.10.3-0.1.1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /ethereal-gnome-0.10.3-0.1.1.i386.rpm -
RedHat ethereal-gnome-0.10.3-0.1.1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/ethereal-gnome-0.10.3-0.1.1.x86_64.rpm -
RedHat ethereal-gnome-0.10.3-0.73.3.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnom e-0.10.3-0.73.3.legacy.i386.rpm -
RedHat ethereal-gnome-0.10.3-0.90.4.legacy.i386.rpm
RedHat Linux 9
http://download.fedoralegacy.org/redhat/9/updates/i386/ethereal-gnome- 0.10.3-0.90.4.legacy.i386.rpm -
RedHat ethereal-gnome-0.10.3-2.2.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386 /ethereal-gnome-0.10.3-2.2.i386.rpm -
RedHat ethereal-gnome-0.10.3-2.2.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/x86_ 64/ethereal-gnome-0.10.3-2.2.x86_64.rpm
Ethereal Group Ethereal 0.10.4
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.5
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.6
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.7
-
Conectiva ethereal-0.10.8-62475U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-0.10.8-62475U10_1 cl.i386.rpm -
Conectiva ethereal-0.10.8-73509U90_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-0.10.8-73509U90_3c l.i386.rpm -
Conectiva ethereal-common-0.10.8-62475U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-common-0.10.8-624 75U10_1cl.i386.rpm -
Conectiva ethereal-common-0.10.8-73509U90_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-common-0.10.8-7350 9U90_3cl.i386.rpm -
Conectiva ethereal-gtk-0.10.8-62475U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-gtk-0.10.8-62475U 10_1cl.i386.rpm -
Conectiva ethereal-gtk-0.10.8-73509U90_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-gtk-0.10.8-73509U9 0_3cl.i386.rpm -
Conectiva ethereal-utils-0.10.8-62475U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-utils-0.10.8-6247 5U10_1cl.i386.rpm -
Conectiva ethereal-utils-0.10.8-73509U90_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-utils-0.10.8-73509 U90_3cl.i386.rpm -
Conectiva tethereal-0.10.8-62475U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/tethereal-0.10.8-62475U10_ 1cl.i386.rpm -
Conectiva tethereal-0.10.8-73509U90_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/tethereal-0.10.8-73509U90_3 cl.i386.rpm -
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.8
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.10.9
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.8.15
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.8.18
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.8.19
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.11
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.13
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz -
Fedora Legacy ethereal-0.10.13-1.FC1.3.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/ethereal-0.10.1 3-1.FC1.3.legacy.i386.rpm -
Fedora Legacy ethereal-gnome-0.10.13-1.FC1.3.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/ethereal-gnome- 0.10.13-1.FC1.3.legacy.i386.rpm
Ethereal Group Ethereal 0.9.16
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.2
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.3
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz -
Fedora Legacy ethereal-0.10.13-0.73.1.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10 .13-0.73.1.legacy.i386.rpm -
Fedora Legacy ethereal-gnome-0.10.13-0.73.1.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnom e-0.10.13-0.73.1.legacy.i386.rpm
Ethereal Group Ethereal 0.9.4
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.6
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.7
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
Ethereal Group Ethereal 0.9.9
-
Ethereal Group ethereal-0.10.11.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.11.tar.gz
SGI ProPack 3.0
-
SGI patch10083.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/patch100 83.tar.gz
References
Ethereal Multiple Remote Protocol Dissector Vulnerabilities
References:
References:
- ASA-2005-131 - Ethereal (Avaya)
- CLSA-2005:963 : ethereal (Conectiva)
- enpa-sa-00019 - Multiple problems in Ethereal versions 0.8.14 to 0.10.10 (Ethereal Group)
- Multiple security problems in Ethereal 0.10.3 (Ethereal Group)
- Re: [Ethereal-users] HotSIP sip-messages crasching ethereal (Ethereal Group)
- RHSA-2004:234-06 - Ethereal (RedHat)
- RHSA-2005:427-05 - ethereal security update (RedHat)
- The Ethereal Network Analyzer (Ethereal Group)
- [SecurityLab] Ethereal 0.10.10 SIP Dissector Overflow ("Ejovi Nuwere"
)