__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Ethereal [Debian Security Advisory DSA-1171-1] September 8, 2006 17:00 GMT Number Q-306 [REVISED 12 Oct 2006] ______________________________________________________________________________ PROBLEM: It was discovered that the SLIMP3 and AgentX dissectors are vulnerable to code injection caused by buffer overflows. PLATFORM: Debian GNU/Linux 3.1 (sarge) DAMAGE: Might allow remote attackers to execute arbitrary code via unknown vectors in the (1) SLIMP3 and (2) AgentX dissector. SOLUTION: Upgrade to the appropriate version. ______________________________________________________________________________ VULNERABILITY The risk is MEDIUM. Might allow remote attackers to execute ASSESSMENT: arbitrary code via unknown vectors in the (1) SLIMP3 and (2) AgentX dissector. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/q-306.shtml ORIGINAL BULLETIN: Debian Security Advisory 1171-1 http://www.debian.org/security/2006/dsa-1171 ADDITIONAL LINKS: Wireshark Security Advisory wnpa-sec-2006-02 http://www.wireshark.org/security/wnpa-sec-2006-02.html USCERT VU#335656 http://www.kb.cert.org/vuls/id/335656 CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3243 ______________________________________________________________________________ REVISION HISTORY: 10/12/2006 - added links to Wireshark Security Advisory wnpa-sec-2006-02 for affected versions 0.7.9 up to and including 0.99.2, and USCERT VU#335656 [***** Start Debian Security Advisory DSA-1171-1 *****] Debian Security Advisory DSA-1171-1 ethereal -- several vulnerabilities Date Reported: 07 Sep 2006 Affected Packages: ethereal Vulnerable: Yes Security database references: In the Debian bugtracking system: Bug 384528, Bug 334880. In Mitre's CVE dictionary: CVE-2006-4333, CVE-2005-3241, CVE-2005-3242, CVE-2005-3243, CVE-2005-3244, CVE-2005-3246, CVE-2005-3248. More information: Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4333 It was discovered that the Q.2391 dissector is vulnerable to denial of service caused by memory exhaustion. CVE-2005-3241 It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are vulnerable to denial of service caused by memory exhaustion. CVE-2005-3242 It was discovered that the IrDA and SMB dissectors are vulnerable to denial of service caused by memory corruption. CVE-2005-3243 It was discovered that the SLIMP3 and AgentX dissectors are vulnerable to code injection caused by buffer overflows. CVE-2005-3244 It was discovered that the BER dissector is vulnerable to denial of service caused by an infinite loop. CVE-2005-3246 It was discovered that the NCP and RTnet dissectors are vulnerable to denial of service caused by a null pointer dereference. CVE-2005-3248 It was discovered that the X11 dissector is vulnerable denial of service caused by a division through zero. This update also fixes a 64 bit-specific regression in the ASN.1 decoder, which has been introduced in a previous DSA. For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge8. For the unstable distribution (sid) these problems have been fixed in version 0.99.2-5.1 of wireshark, the network sniffer formerly known as ethereal. We recommend that you upgrade your ethereal packages. Fixed in: Debian GNU/Linux 3.1 (sarge) Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.dsc Size/MD5 checksum: 855 159309d848ffa90cb5ae336582a8e7d4 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.diff. gz Size/MD5 checksum: 177921 ee1ce43eb48106f1fc0b75bc9ff3c241 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_ 0.10.10-2sarge8_alpha.deb Size/MD5 checksum: 5476146 cf5b01f923e68a3f07d0080ef69f2b57 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_ alpha.deb Size/MD5 checksum: 154566 615069b5905d6c2aec9a357eb0dd1306 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_alpha. deb Size/MD5 checksum: 106250 cfe9461049fc5e1997d68cbd1a6d6b78 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_alpha.deb Size/MD5 checksum: 543034 5c9eaadae44224a002902c4196847aa0 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_ 0.10.10-2sarge8_amd64.deb Size/MD5 checksum: 154556 67cfc697c120e54c489e1552b1a58b6e http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_amd64. deb Size/MD5 checksum: 99542 09093de7c28ec1741106dac694ffcae3 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_amd64. deb Size/MD5 checksum: 486502 addeab1c3d70537c088574f9f68e6e6d http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8 _amd64.deb Size/MD5 checksum: 5334616 1700b3e18c2b45594cbb80ef2ea58019 arm architecture (ARM) http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_ arm.deb Size/MD5 checksum: 95616 39dbfe3ac08048f95b19d74c644b780c http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_arm. deb Size/MD5 checksum: 154596 209d45b3ebf7ba313bb7db0c00a095bd http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_arm.deb Size/MD5 checksum: 472996 5f0d04db811734c1f1c8c814c93ceaaa http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_ arm.deb Size/MD5 checksum: 4687892 5b2737d93a7e3673630e96744f648b51 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0. 10.10-2sarge8_hppa.deb Size/MD5 checksum: 5787290 f36dc8ae6a78acb2d6a8fa71b18af9cc http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_hppa. deb Size/MD5 checksum: 154576 5ce456fee2af8fb5b4f19d786166faf6 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_hppa.deb Size/MD5 checksum: 489292 71832119d10ab77eb4547840cf7d3504 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_hppa.deb Size/MD5 checksum: 98452 94aae2f351900a65edfddcae9e880bf6 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_i386.deb Size/MD5 checksum: 443646 f830051bf5920e2999a8ef9bab332ed2 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_ i386.deb Size/MD5 checksum: 4529156 4f6c8ec5448ea7b6aa826fce639a5781 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_i386.deb Size/MD5 checksum: 90878 45f09d9fe820e537fd9e140fbe86de07 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_i386. deb Size/MD5 checksum: 154556 a1a78549f0981eb9aa0f77fdd9ce612b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_ia64. deb Size/MD5 checksum: 6630098 82fc3ba6dd822ee192c2050dc6f38dcf http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 674420 9b84646b4f81e1c9415656768f6dc687 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 129156 c3deca896916d3a3d1c1065f5e2717c8 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 154554 e8a6435b4e1287af4ebfe3cb606c74af m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 90904 ab21fa89ad4a12f8e0c579872a1c07c4 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 154614 b384ae036ab5c2b85f62af368b689a04 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 447752 6a8378ecb8337071ef8b1199529700be http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 5565186 647220c660fd8546c9ca4a18e9d7a792 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 154572 434928f40a6b3e4bf2d7dce6beb72edb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 94736 4eb62077c31de2ac2ec10a760199b9eb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 4723218 9c827aab812bef7a58d5429ee8287d74 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 462746 fa7d8236f1407836dcc601317afa8df2 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mipsel. deb Size/MD5 checksum: 94650 7f64290882d7c8c579818fdc1c7e215b http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mipsel.deb Size/MD5 checksum: 154584 934dc675944e857216c72fc29ec46a55 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mipsel.deb Size/MD5 checksum: 458030 487ea6f3a1fd7620b4ae33f4d5e8c8c3 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mipsel. deb Size/MD5 checksum: 4460700 e0062d687a84b9782e645b0d72cbb248 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 455716 a203882270b251513b2269b688d59256 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 5068470 7976f110d32b6bb83c00afa49fd75493 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 154570 7622c3b6ca781d622cb305e9a485f447 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 94320 5e5391b1f1dc2bc4992582930e28f2a3 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 5621642 092cf076ce4e6fd479ea09fdb14d6e87 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 154566 f3dae98783c87fb3ff088be62608aef7 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 479662 e4b854e30aa801eb67a33d1077eb1e9b http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 99904 0516f4694b47ae4637b09e82d321eecc sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 5130234 44a97eeb06a2d82bbbcfba2712700792 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 93828 4f44e9be92792058641044db66993758 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 465390 42670783f2750c3d5f426fe76bd17696 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 154566 6f25990f50443c48e802e29881ddc3ff MD5 checksums of the listed files are available in the original advisory. [***** End Debian Security Advisory DSA-1171-1 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Debian for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) Q-297: Cisco Unintentional Password Modification Vulnerability in Cisco Firewall Products Q-298: Cisco VPN 3000 Concentrator FTP Management Vulnerabilities Q-299: VMware ESX Server 2.5.3 Upgrade Patch 2 Q-300: Security Vulnerability in the Sun Java System Content Delivery Server Q-301: pkgadd(1M) May Set Incorrect Permissions Q-302: mysql-dfsg-4.1 CIACTech06-001: Protecting Against SQL Injection Attacks Q-303: Multiple DoS Vulnerabilities in the BIND 9 Software Q-304: OpenSSL Security Update Q-305: Mailman Security Update