From security@sco.com Sat Nov 8 14:26:33 2003 From: security@sco.com To: announce@lists.caldera.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com, security-alerts@linuxsecurity.com Date: Fri, 7 Nov 2003 16:25:23 -0800 Reply-To: please_reply_to_security@sco.com Subject: OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12 To: announce@lists.caldera.com bugtraq@securityfocus.com full-disclosure@lists.netsys.com security-alerts@linuxsecurity.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12 Advisory number: CSSA-2003-030.0 Issue date: 2003 November 07 Cross reference: sr883585 fz528203 erg712398 CAN-2003-0428 CAN-2003-0429 CAN-2003-0430 CAN-2003-0431 CAN-2003-0432 ______________________________________________________________________________ 1. Problem Description Multiple vulnerabilities have reported in Ethereal 0.9.12. Ethereal is a freely available network protocol analyzer for Microsoft Windows and multiple Unix-based operating systems. Ethereal versions 0.9.12 and earlier are vulnerable to multiple issues. The Vulnerabilities are: 1. The DCERPC dissector could try to allocate too much memory while trying to decode an NDR string. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2003-0428 to this issue. 2. Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2003-0429 to this issue. 3. The SPNEGO dissector could segfault while parsing an invalid ASN.1 value. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2003-0430 to this issue. 4. The tvb_get_nstringz0() routine incorrectly handled a zero- length buffer size. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2003-0431 to this issue. 5. The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI dissectors handled strings improperly. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name CAN-2003-0432 to this issue. POTENTIAL IMPACT It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. 2. Vulnerable Supported Versions System Package ------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to ethereal-0.9.13-1.i386.rpm OpenLinux 3.1.1 Workstation prior to ethereal-0.9.13-1.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-030.0/RPMS 4.2 Packages 9c5039a96d35a4bb91cddfa40adb7e2c ethereal-0.9.13-1.i386.rpm 4.3 Installation rpm -Fvh ethereal-0.9.13-1.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-030.0/SRPMS 4.5 Source Packages 991395b4b4bcf0375e7dfe6a09108faf ethereal-0.9.13-1.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-030.0/RPMS 5.2 Packages 9d87667d906a624fc6e05434187941c1 ethereal-0.9.13-1.i386.rpm 5.3 Installation rpm -Fvh ethereal-0.9.13-1.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-030.0/SRPMS 5.5 Source Packages 391d94b691aee0b3194583675c400cd7 ethereal-0.9.13-1.src.rpm 6. References Specific references for this advisory: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0428 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0429 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0430 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0431 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0432 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr883585 fz528203 erg712398. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj+sNhQACgkQbluZssSXDTEZMwCfUH9bcXlH1HwcxpnZp2+wIWvx CCEAoKkO/by2uLsop7CdEmSE2zvXUY/A =T8Uu -----END PGP SIGNATURE-----