From 34acc215c8681d929e4bbbd231ae3df34dc4ced1 Mon Sep 17 00:00:00 2001 From: "Simon L. B. Nielsen" Date: Thu, 23 Dec 2004 00:39:08 +0000 Subject: [PATCH] Document multiple vulnerabilities in ethereal. --- security/vuxml/vuln.xml | 49 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 7325c7cb9ae9..eb281914063c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,55 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + ethereal -- multiple vulnerabilities + + + ethereal + ethereal-lite + tethereal + tethereal-lite + 0.10.8 + + + + +

An Ethreal Security Advisories reports:

+
+

Issues have been discovered in the following protocol + dissectors:

+
    +
  • Matthew Bing discovered a bug in DICOM dissection that + could make Ethereal crash.
  • +
  • An invalid RTP timestamp could make Ethereal hang and + create a large temporary file, possibly filling + available disk space.
  • +
  • The HTTP dissector could access previously-freed + memory, causing a crash.
  • +
  • Brian Caswell discovered that an improperly formatted + SMB packet could make Ethereal hang, maximizing CPU + utilization.
  • +
+

Impact: It may be possible to make Ethereal crash or run + arbitrary code by injecting a purposefully malformed + packet onto the wire or by convincing someone to read a + malformed packet trace file.

+
+ +
+ + CAN-2004-1139 + CAN-2004-1140 + CAN-2004-1141 + CAN-2004-1142 + http://www.ethereal.com/appnotes/enpa-sa-00016.html + + + 2004-12-14 + 2004-12-23 + +
+ xpdf -- buffer overflow vulnerability
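Review bot: The attribution line in the new ethereal entry, "An Ethreal Security Advisories reports:", misspells the product name and mixes a singular article with a plural noun. Suggest "An Ethereal Security Advisory reports:" so that it matches the package names listed above it and the single advisory URL (enpa-sa-00016.html) in the references. The entry also lists four CAN identifiers and four dissector issues without saying which identifier belongs to which issue; if the advisory gives that mapping, carrying it into the description would help readers who track a single identifier.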