Name: Multiple problems in Ethereal versions 0.8.5 to 0.10.14
Docid: enpa-sa-00023
Date: April 24, 2006
Versions affected: 0.8.5 up to and including 0.10.14
Severity:
High
Description:
Many security vulnerabilities have been fixed since the
previous release.
-
The H.248 dissector could crash.
Versions affected: 0.10.14.
CVE: CVE-2006-1937
-
The UMA dissector could go into an infinite loop.
Versions affected: 0.10.12 - 0.10.14.
CVE: CVE-2006-1933
-
The X.509if dissector could crash.
Versions affected: 0.10.14.
CVE: CVE-2006-1937
-
The SRVLOC dissector could crash.
Versions affected: 0.10.0 - 0.10.14.
CVE: CVE-2006-1937
-
The H.245 dissector could crash.
Versions affected: 0.10.13 - 0.10.14.
CVE: CVE-2006-1937
-
Ethereal's OID printing routine was susceptible to an
off-by-one error.
Versions affected: 0.10.14.
CVE: CVE-2006-1932
-
The COPS dissector could overflow a buffer.
Versions affected: 0.9.15 - 0.10.14.
CVE: CVE-2006-1935
-
The ALCAP dissector could overflow a buffer.
Versions affected: 0.10.14.
CVE: CVE-2006-1934
Under a grant funded by the U.S. Department of Homeland Security,
Coverity has uncovered
a number of vulnerabilities in Ethereal:
-
The statistics counter could crash Ethereal.
Versions affected: 0.10.10 - 0.10.14.
CVE: CVE-2006-1937
-
Ethereal could crash while reading a malformed Sniffer capture.
Versions affected: 0.8.12 - 0.10.14.
CVE: CVE-2006-1938
-
An invalid display filter could crash Ethereal.
Versions affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939
-
The general packet dissector could crash Ethereal.
Versions affected: 0.10.9 - 0.10.14.
CVE: CVE-2006-1937
-
The AIM dissector could crash Ethereal.
Versions affected: 0.10.7 - 0.10.14.
CVE: CVE-2006-1937
-
The RPC dissector could crash Ethereal.
Versions affected: 0.9.8 - 0.10.14.
CVE: CVE-2006-1939
-
The DCERPC dissector could crash Ethereal.
Versions affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939
-
The ASN.1 dissector could crash Ethereal.
Versions affected: 0.9.8 - 0.10.14.
CVE: CVE-2006-1939
-
The SMB PIPE dissector could crash Ethereal.
Versions affected: 0.8.20 - 0.10.14.
CVE: CVE-2006-1938
-
The BER dissector could loop excessively.
Versions affected: 0.10.4 - 0.10.14.
CVE: CVE-2006-1933
-
The SNDCP dissector could abort.
Versions affected: 0.10.4 - 0.10.14.
CVE: CVE-2006-1940
-
The Network Instruments file code could overrun a buffer.
Versions affected: 0.10.0 - 0.10.14.
CVE: CVE-2006-1934
-
The NetXray/Windows Sniffer file code could overrun a buffer.
Versions affected: 0.10.13 - 0.10.14.
CVE: CVE-2006-1934
-
The GSM SMS dissector could crash Ethereal.
Versions affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939
-
The ALCAP dissector could overrun a buffer.
Versions affected: 0.10.14.
CVE: CVE-2006-1934
-
The telnet dissector could overrun a buffer.
Versions affected: 0.8.5 - 0.10.14.
CVE: CVE-2006-1936
-
ASN.1-based dissectors could crash Ethereal.
Versions affected: 0.9.10 - 0.10.14.
CVE: CVE-2006-1939
-
The H.248 dissector could crash Ethereal.
Versions affected: 0.10.11 - 0.10.14.
CVE: CVE-2006-1937
-
The DCERPC NT dissector could crash Ethereal.
Versions affected: 0.9.14 - 0.10.14.
CVE: CVE-2006-1939
-
The PER dissector could crash Ethereal.
Versions affected: 0.9.14 - 0.10.14.
CVE: CVE-2006-1939
Impact:
It may be possible to make Ethereal crash, use up available system
resources, or run arbitrary code by injecting a purposefully
malformed packet onto the wire or by convincing someone to read
a malformed trace file.
Resolution:
Upgrade to 0.99.0.
Due to the severity and scope of the defects that have been
discovered, no workaround is available.
