Debian Security Advisory
DSA-1049-1 ethereal -- several vulnerabilities
- Date Reported:
- 02 May 2006
- Affected Packages:
- ethereal
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 17682.
In Mitre's CVE dictionary: CVE-2006-1932, CVE-2006-1933, CVE-2006-1934, CVE-2006-1935, CVE-2006-1936, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940.
- More information:
-
Gerald Combs reported several vulnerabilities in ethereal, a popular network traffic analyser. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2006-1932
The OID printing routine is susceptible to an off-by-one error.
- CVE-2006-1933
The UMA and BER dissectors could go into an infinite loop.
- CVE-2006-1934
The Network Instruments file code could overrun a buffer.
- CVE-2006-1935
The COPS dissector contains a potential buffer overflow.
- CVE-2006-1936
The telnet dissector contains a buffer overflow.
- CVE-2006-1937
Bugs in the SRVLOC and AIM dissectors, and in the statistics counter, could crash ethereal.
- CVE-2006-1938
Null pointer dereferences in the SMB PIPE dissector and when reading a malformed Sniffer capture could crash ethereal.
- CVE-2006-1939
Null pointer dereferences in the ASN.1, GSM SMS, RPC and ASN.1-based dissectors, and an invalid display filter, could crash ethereal.
- CVE-2006-1940
The SNDCP dissector could cause an unintended abort.
For the old stable distribution (woody) these problems have been fixed in version 0.9.4-1woody15.
For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge5.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your ethereal packages.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15.dsc
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15.diff.gz
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_sparc.deb
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5.dsc
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5.diff.gz
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_alpha.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_amd64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_amd64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_amd64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_arm.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_i386.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_ia64.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_hppa.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_m68k.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_mips.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_mipsel.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_powerpc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_s390.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_sparc.deb
- http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_sparc.deb
MD5 checksums of the listed files are available in the original advisory.