Alerta de Segurança Debian

DSA-313-1 ethereal -- buffer overflows, overflows de inteiros

Data do Alerta:

11 Jun 2003

Pacotes Afetados:

Vulnerável:

Sim

Referência à base de dados de segurança:

Na base de dados do BugTraq (na SecurityFocus): ID BugTraq 7493, ID BugTraq 7494, ID BugTraq 7495.
No dicionário CVE do Mitre: CVE-2003-0356, CVE-2003-0357.

Informações adicionais:

Timo Sirainen descobriu várias vulnerabilidades no ethereal, um analisador de tráfego de rede. Isto inclui buffer overflows de um byte nos dissectores AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP e TSP e overflows de inteiros nos dissectores Mount e PPP.

Na atual distribuição estável (woody), este problema foi corrigido na versão 0.9.4-1woody4.

A antiga distribuição estável (potato) parece não conter estas vulnerabilidades.

Na distribuição instável (sid), este problema foi corrigido na versão 0.9.12-1.

Nós recomendamos que você atualize seus pacotes ethereal.

Corrigido em:

Debian GNU/Linux 3.0 (woody)

Fonte:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.dsc; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.diff.gz; http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_alpha.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_arm.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_i386.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_ia64.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_hppa.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_m68k.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_m68k.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_m68k.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mips.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mipsel.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_powerpc.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_s390.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_sparc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_sparc.deb; http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_sparc.deb; http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_sparc.deb

Checksums MD5 dos arquivos listados estão disponíveis no alerta original.