Debian Bug report logs -
#378745
ethereal: Multiple problems in Ethereal 0.8.16 up to and including 0.99.0
Reported by: Sam Morris <sam@robots.org.uk>
Date: Tue, 18 Jul 2006 17:48:44 UTC
Severity: critical
Tags: security
Found in version ethereal/0.10.10-2sarge4
Fixed in version wireshark/0.99.2-1
Done: Frederic Peters <fpeters@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>:
Bug#378745; Package ethereal.
(full text, mbox, link).
Acknowledgement sent to Sam Morris <sam@robots.org.uk>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: ethereal
Version: 0.10.10-2sarge4
Severity: critical
Tags: security
Justification: privilige elevation via execution of arbitary code from remote hosts
>From <http://www.wireshark.org/security/wnpa-sec-2006-01.html>:
Wireshark 0.99.2 fixes the following vulnerabilities:
* The GSM BSSMAP dissector could crash. Versions affected: 0.10.11. CVE: CVE-2006-3627
Ilja van Sprundel discovered the following vulnerabilities:
* The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628
* The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10. CVE: CVE-2006-3628
* The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628
* The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
* The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4. CVE: CVE-2006-3629
* The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7. CVE: CVE-2006-3630
* The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628
* The SSH dissector was vulnerable to an infinite loop. Versions affected: 0.9.10. CVE: CVE-2006-3631
* The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632
Impact
It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by
injecting a purposefully malformed packet onto the wire or by convincing someone to read a
malformed packet trace file.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-k7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages ethereal depends on:
ii ethereal-common 0.99.0-1 network traffic analyser (common f
ii libadns1 1.1-4 Asynchronous-capable DNS client li
ii libatk1.0-0 1.11.4-2 The ATK accessibility toolkit
ii libc6 2.3.6-15 GNU C Library: Shared libraries
ii libcairo2 1.2.0-3 The Cairo 2D vector graphics libra
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libcomerr2 1.39-1 common error description library
ii libfontconfig1 2.3.2-7 generic font configuration library
ii libglib2.0-0 2.10.2-1 The GLib library of C routines
ii libgnutls13 1.4.0-3 the GNU TLS library - runtime libr
ii libgtk2.0-0 2.8.18-1 The GTK+ graphical user interface
ii libkrb53 1.4.3-7 MIT Kerberos runtime libraries
ii libpango1.0-0 1.12.3-1 Layout and rendering of internatio
ii libpcap0.8 0.9.4-2 System interface for user-level pa
ii libpcre3 6.4-2 Perl 5 Compatible Regular Expressi
ii libx11-6 2:1.0.0-7 X11 client-side library
ii libxcursor1 1.1.5.2-5 X cursor management library
ii libxext6 1:1.0.0-4 X11 miscellaneous extension librar
ii libxfixes3 1:3.0.1.2-4 X11 miscellaneous 'fixes' extensio
ii libxi6 1:1.0.0-5 X11 Input extension library
ii libxinerama1 1:1.0.1-4 X11 Xinerama extension library
ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library
ii libxrender1 1:0.9.0.2-4 X Rendering Extension client libra
ii zlib1g 1:1.2.3-11 compression library - runtime
Versions of packages ethereal recommends:
ii gksu 1.9.1-2 graphical frontend to su
-- no debconf information
Reply sent to Frederic Peters <fpeters@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Sam Morris <sam@robots.org.uk>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #10 received at 378745-close@bugs.debian.org (full text, mbox, reply):
Source: wireshark
Source-Version: 0.99.2-1
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:
tshark_0.99.2-1_i386.deb
to pool/main/w/wireshark/tshark_0.99.2-1_i386.deb
wireshark-common_0.99.2-1_i386.deb
to pool/main/w/wireshark/wireshark-common_0.99.2-1_i386.deb
wireshark-dev_0.99.2-1_i386.deb
to pool/main/w/wireshark/wireshark-dev_0.99.2-1_i386.deb
wireshark_0.99.2-1.diff.gz
to pool/main/w/wireshark/wireshark_0.99.2-1.diff.gz
wireshark_0.99.2-1.dsc
to pool/main/w/wireshark/wireshark_0.99.2-1.dsc
wireshark_0.99.2-1_i386.deb
to pool/main/w/wireshark/wireshark_0.99.2-1_i386.deb
wireshark_0.99.2.orig.tar.gz
to pool/main/w/wireshark/wireshark_0.99.2.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 378745@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frederic Peters <fpeters@debian.org> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 24 Jul 2006 19:29:26 +0200
Source: wireshark
Binary: wireshark wireshark-dev wireshark-common tshark
Architecture: source i386
Version: 0.99.2-1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <fpeters@debian.org>
Changed-By: Frederic Peters <fpeters@debian.org>
Description:
tshark - network traffic analyzer (console)
wireshark - network traffic analyzer
wireshark-common - network traffic analyser (common files)
wireshark-dev - network traffic analyser (development tools)
Closes: 351941 368860 376522 378745
Changes:
wireshark (0.99.2-1) unstable; urgency=high
.
* New upstream release. (closes: #378745)
* The project changed name, ethereal is now wireshark. (closes: #351941)
See http://www.wireshark.org/news/20060607.html
* tethereal has been renamed to tshark
* idl2eth has been renamed to idl2wrs
* Urgency high since it fixes security issues
* http://www.wireshark.org/security/wnpa-sec-2006-01.html has details
* crash in GSM BSSMAP dissector (CVE-2006-3627)
* format string overflow in ANSI MAP dissector (CVE-2006-3628)
* format string overflow in Checkpoint FW-1 dissector (CVE-2006-3628)
* format string overflow in MQ dissector (CVE-2006-3628)
* format string overflow in XML dissector (CVE-2006-3628)
* large memory allocation in MOUNT dissector (CVE-2006-3629)
* off-by-one errors in NCP NMAS and NDPS dissectors (CVE-2006-3630)
* format string overflow in NTP dissector (CVE-2006-3628)
* infinite loop in SSH dissector (CVE-2006-3631)
* buffer overflow in NFS dissector (CVE-2006-3632)
* debian/wireshark-dev.header-files: includes missing files
(closes: #376522, #368860)
* debian/copyright: list source files that are under a license different
than Wireshark.
Files:
e6a4025e254d1c55d1543ec0fb72b125 888 net optional wireshark_0.99.2-1.dsc
46d3b7c9766960fb34782c2078c50d13 12358081 net optional wireshark_0.99.2.orig.tar.gz
82d1a7d6b16c34713ba28562d6f152ee 75010 net optional wireshark_0.99.2-1.diff.gz
918d02ca5bc4fa32280ea908c32a3bfc 6940972 net optional wireshark-common_0.99.2-1_i386.deb
31db58fa0aa20a38e9afafc0cb29bb8b 538202 net optional wireshark_0.99.2-1_i386.deb
b295b4cf0417f3c1d3911c210283a71d 98786 net optional tshark_0.99.2-1_i386.deb
7d10752e8e59e0ebd581315d52ba2f76 171036 devel optional wireshark-dev_0.99.2-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFExRqNoR3LsWeD7V4RAkepAJ4kSrFHzmpJgZ33ZN0B/UdsCJZGzACfauKa
W1qkFuL9MeqoA1t498AwJUM=
=dVji
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Jun 2007 11:03:05 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:32:58 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon