Säkerhetsbulletin från Debian

DSA-1127-1 ethereal -- flera sårbarheter

Rapporterat den:
2006-07-28
Berörda paket:
ethereal
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Debians felrapporteringssystem: Fel 373913, Fel 375694.
I Mitres CVE-förteckning: CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632.
Ytterligare information:

Flera sårbarheter har upptäckts i nätverkssniffaren Ethereal, vilka kunde leda till exekvering av godtycklig kod. Projektet Common Vulnerabilities and Exposures identifierar följande problem:

  • CVE-2006-3628

    Ilja van Sprundel upptäckte att dissekerarna för FW-1 och MQ var sårbara för formatsträngsattacker.

  • CVE-2006-3629

    Ilja van Sprundel upptäckte att MOUNT-dissekeraren var sårbar för en överbelastningsattack som tog slut på minnet.

  • CVE-2006-3630

    Ilja van Sprundel upptäckte stegfelsbuffertspill i dissekerarna för NCP NMAS och NDPS.

  • CVE-2006-3631

    Ilja van Sprundel upptäckte ett buffertspill i NFS-dissekeraren.

  • CVE-2006-3632

    Ilja van Sprundel upptäckte att SSH-dissekeraren var sårbar för en överbelastningsattack som utförde en oändlig slinga.

För den stabila utgåvan (Sarge) har dessa problem rättats i version 0.10.10-2sarge6.

För den instabila utgåvan (Sid) har dessa problem rättats i version 0.99.2-1 av wireshark, sniffaren som tidigare hette ethereal.

Vi rekommenderar att ni uppgraderar era ethereal-paket.

Rättat i:

Debian GNU/Linux 3.1 (sarge)

Källkod:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6.dsc
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6.diff.gz
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_alpha.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_alpha.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_alpha.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_amd64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_amd64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_amd64.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_arm.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_arm.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_arm.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_i386.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_i386.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_i386.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_ia64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_ia64.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_ia64.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_hppa.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_hppa.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_hppa.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_m68k.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_m68k.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_m68k.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_mips.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_mips.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_mips.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_mipsel.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_mipsel.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_mipsel.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_s390.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_s390.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_s390.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_sparc.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_sparc.deb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_sparc.deb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.