Vendor Status Note JVNCIAC-O-105

Ethereal に複数の脆弱性


Ethereal バージョン 0.8.13 から 0.10.2 までには、いくつかのプロトコルの処理にバッファオーバーフローなどの複数の脆弱性があります。


遠隔から第三者が Ethereal を実行しているユーザの権限 (通常 root) を取得する可能性があります。

Multiple security problems in Ethereal 0.10.2
Red Hatセキュリティアドバイス RHSA-2004-136
セキュリティ問題を修正したEtherealのアップデート パッケージ
RedHat Advisory RHSA-2004-137
Updated Ethereal packages fix security issues

  1. US-CERT Vulnerability Note VU#119876
    Ethereal contains multiple vulnerabilities in the EIGRP protocol dissector
  2. US-CERT Vulnerability Note VU#125156
    Ethereal contains multiple vulnerabilities in the UCP protocol dissector
  3. US-CERT Vulnerability Note VU#433596
    Ethereal integer underflow when parsing malformed PGM packets with NAK lists
  4. US-CERT Vulnerability Note VU#591820
    Ethereal fails to properly decode Transaction IDs within TCAP packets
  5. US-CERT Vulnerability Note VU#644886
    Ethereal fails to properly parse NetFlow UDP packets with an overly large template_entry count
  6. US-CERT Vulnerability Note VU#659140
    Ethereal ISUP protocol dissector fails to properly decode ISUP packets
  7. US-CERT Vulnerability Note VU#740188
    Ethereal IrDA dissector plugin fails to properly parse IRCOM_PORT_NAME parameter
  8. US-CERT Vulnerability Note VU#864884
    Ethereal contains multiple vulnerabilities in the IGAP protocol dissector
  9. US-CERT Vulnerability Note VU#931588
    Ethereal fails to properly decode BGP packets containing MPLS IPv6 labels
  10. US-CERT Vulnerability Note VU#792286
    Ethereal fails to properly handle a zero-length Presentation protocol selector
  11. US-CERT Vulnerability Note VU#124454
    Ethereal crashes when processing malformed RADIUS packets
  12. ISS X-Force Database: ethereal-multiple-dissectors-bo(15569)
    Ethereal multiple dissectors buffer overflows
  13. ISS X-Force Database: ethereal-zero-presentation-dos(15570)
    Ethereal zero-length presentation protocol selector denial of service
  14. ISS X-Force Database: ethereal-radius-dos(15571)
    Ethereal RADIUS packet denial of service

JPCERT REPORTJPCERT-WR-2004-1401 ( 2004-04-07 )
CIAC BulletinO-105 Multiple Vulnerabilities in Ethereal 0.10.2 ( 2004-03-31 )
CVE2004-0176 [CVE+] VU#119876,VU#125156,VU#433596,VU#591820,VU#644886,VU#659140,VU#740188,VU#864884,VU#931588,XF15569
2004-0367 [CVE+] VU#792286,XF15570
2004-0365 [CVE+] VU#124454,XF15571

登録日16:54 2004/04/07
更新日16:54 2004/04/07

Copyright(C) 2002-2009 Keio Univ. All rights reserved.