Debian Security Advisory

DSA-324-1 ethereal -- several vulnerabilities

Date Reported:
18 Jun 2003
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 7878, BugTraq ID 7880, BugTraq ID 7881, BugTraq ID 7883.
In Mitre's CVE dictionary: CVE-2003-0428, CVE-2003-0429, CVE-2003-0431, CVE-2003-0432.
More information:

Several of the packet dissectors in ethereal contain string handling bugs which could be exploited using a maliciously crafted packet to cause ethereal to consume excessive amounts of memory, crash, or execute arbitrary code.

These vulnerabilities were announced in the following Ethereal security advisory:

Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the problems described in the advisory, including:

  • The DCERPC dissector could try to allocate too much memory while trying to decode an NDR string.
  • Bad IPv4 or IPv6 prefix lengths could cause an overflow in the OSI dissector.
  • The tvb_get_nstringz0() routine incorrectly handled a zero-length buffer size.
  • The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, and ISIS dissectors handled strings improperly.

The following problems do not affect this version:

  • The SPNEGO dissector could segfault while parsing an invalid ASN.1 value.
  • The RMI dissector handled strings improperly

as these modules are not present.

For the stable distribution (woody) these problems have been fixed in version 0.9.4-1woody5.

For the old stable distribution (potato) these problems will be fixed in a future advisory.

For the unstable distribution (sid) these problems are fixed in version 0.9.13-1.

We recommend that you update your ethereal package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.