=====================================================================
                                  CERT-Renater

                       Information Note No. 2005/VULN290
_____________________________________________________________________

DATE                      : 09/05/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Ethereal.

======================================================================

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200505-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

   Severity: High
      Title: Ethereal: Numerous vulnerabilities
       Date: May 06, 2005
       Bugs: #90539
         ID: 200505-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Ethereal is affected by numerous vulnerabilities, potentially
resulting in the execution of arbitrary code or abnormal termination.

Background
==========

Ethereal is a feature-rich network protocol analyzer.

Affected packages
=================

     -------------------------------------------------------------------
      Package                /  Vulnerable  /                Unaffected
     -------------------------------------------------------------------
   1  net-analyzer/ethereal      < 0.10.11                   >= 0.10.11

Description
===========

There are numerous vulnerabilities in versions of Ethereal prior to
0.10.11, including:

* The ANSI A and DHCP dissectors are vulnerable to format string
   vulnerabilities.

* The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS, OCSP,
   PKIX1Explicit, PKIX Qualified, X.509, Q.931, MEGACO, NCP, ISUP, TCAP
   and Presentation dissectors are vulnerable to buffer overflows.

* The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC, GSM and SMB
   NETLOGON dissectors are vulnerable to pointer handling errors.

* The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw, NCP and
   L2TP dissectors are vulnerable to looping problems.

* The Telnet and DHCP dissectors could abort.

* The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors could cause a
   segmentation fault.

* The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB, NDPS, IAX2,
   RADIUS, SMB PIPE, MRDISC and TCAP dissectors could throw assertions.

* The DICOM, NDPS and ICEP dissectors are vulnerable to memory
   handling errors.

* The GSM MAP, AIM, Fibre Channel, SRVLOC, NDPS, LDAP and NTLMSSP
   dissectors could terminate abnormally.

Impact
======

An attacker might be able to use these vulnerabilities to crash
Ethereal and execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ethereal users should upgrade to the latest version:

     # emerge --sync
     # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.11"
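
To find hosts that still need this upgrade, the affected range above
(< 0.10.11) can be checked against Portage's installed-package database.
The script below is an added example, not part of the GLSA; the helper
names (ver_lt, pv_of, ethereal_status) are hypothetical and it assumes the
default /var/db/pkg location.

```shell
#!/bin/sh
# Added example: flag installed Ethereal versions covered by GLSA 200505-03.
FIXED="0.10.11"   # first unaffected version, from the advisory's table

# ver_lt A B: succeed when dotted version A is older than B. Components are
# compared as integers (so 0.10.9 < 0.10.11); a letter or _suffix on a
# component (e.g. "0a") is ignored, which is a simplification.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# pv_of NAME: upstream version from a Portage directory name such as
# "ethereal-0.10.10-r1". The -rN ebuild revision is dropped because it
# cannot move a version across the 0.10.11 boundary.
pv_of() {
    printf '%s\n' "${1#ethereal-}" | sed 's/-r[0-9][0-9]*$//'
}

# ethereal_status NAME: print "vulnerable" or "unaffected" for one entry.
ethereal_status() {
    if ver_lt "$(pv_of "$1")" "$FIXED"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Portage records each installed version as a directory under
# /var/db/pkg/<category>/ (assumed default location).
for d in /var/db/pkg/net-analyzer/ethereal-[0-9]*; do
    [ -d "$d" ] || continue
    n=${d##*/}
    echo "$n: $(ethereal_status "$n")"
done
```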

References
==========

   [ 1 ] Ethereal enpa-sa-00019
         http://www.ethereal.com/appnotes/enpa-sa-00019.html
   [ 2 ] CAN-2005-1456
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1456
   [ 3 ] CAN-2005-1457
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1457
   [ 4 ] CAN-2005-1458
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1458
   [ 5 ] CAN-2005-1459
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1459
   [ 6 ] CAN-2005-1460
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1460
   [ 7 ] CAN-2005-1461
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1461
   [ 8 ] CAN-2005-1462
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1462
   [ 9 ] CAN-2005-1463
         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1463
   [ 10 ] CAN-2005-1464
          http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1464
   [ 11 ] CAN-2005-1465
          http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1465
   [ 12 ] CAN-2005-1466
          http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1466
   [ 13 ] CAN-2005-1467
          http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1467
   [ 14 ] CAN-2005-1468
          http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1468
   [ 15 ] CAN-2005-1469
          http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1469
   [ 16 ] CAN-2005-1470
          http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1470

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

   http://security.gentoo.org/glsa/glsa-200505-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


======================================================================

         =========================================================
         CERT-Renater reference servers
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================


