Vendor Status Note JVNCIAC-P-207

Vulnerabilities in Ethereal


Ethereal versions 0.8.14 through 0.10.10 contain multiple vulnerabilities, including buffer overflows that occur when processing certain packets.

 - Ethereal versions 0.8.14 through 0.10.10


A remote third party may be able to obtain the privileges of the user running Ethereal (typically root).


Multiple problems in Ethereal versions 0.8.14 to 0.10.10
Red Hat: Red Hat Security Advisory RHSA-2005:427
Moderate: ethereal security update

  1. ISS X-Force Database: ethereal-sip-bo(20447)
    Ethereal SIP buffer overflow
  2. ISS X-Force Database: ethereal-ansia-dissector-format-string(20448)
    Ethereal ANSI A dissector format string
  3. ISS X-Force Database: ethereal-distcc-dissector-bo(20454)
    Ethereal DISTCC dissector buffer overflow
  4. ISS X-Force Database: ethereal-fcels-dissector-bo(20456)
    Ethereal FCELS dissector buffer overflow
  5. ISS X-Force Database: ethereal-kink-dissector-dos(20459)
    Ethereal KINK dissector denial of service
  6. ISS X-Force Database: ethereal-lmpdissector-dos(20460)
    Ethereal LMP dissector denial of service
  7. ISS X-Force Database: ethereal-tzsp-dissector-dos(20463)
    Ethereal TZSP dissector denial of service
  8. ISS X-Force Database: ethereal-wsp-dissector-dos(20464)
    Ethereal WSP Dissector denial of service
  9. ISS X-Force Database: ethereal-ber-dissector-dos(20473)
    Ethereal BER dissector denial of service
  10. ISS X-Force Database: ethereal-smb-mailslot-dissector-dos(20475)
    Ethereal SMB Mailslot dissector denial of service
  11. ISS X-Force Database: ethereal-h245-dissector-dos(20476)
    Ethereal H.245 dissector denial of service
  12. ISS X-Force Database: ethereal-bittorrent-dissector-dos(20477)
    Ethereal Bittorrent dissector denial of service
  13. ISS X-Force Database: ethereal-smb-fault-dissector-dos(20483)
    Ethereal segmentation fault in SMB dissector denial of service
  14. ISS X-Force Database: ethereal-dicom-dissector-dos(20485)
    Ethereal DICOM dissector denial of service
  15. ISS X-Force Database: ethereal-mgcp-dissector-dos(20488)
    Ethereal MGCP dissector denial of service
  16. ISS X-Force Database: ethereal-rsvpdissector-dos(20491)
    Ethereal RSVP dissector Denial of service
  17. ISS X-Force Database: ethereal-isis-dissector-dos(20493)
    Ethereal ISIS dissector Denial of service
  18. ISS X-Force Database: ethereal-multiple-dissectors-dos(20494)
    Ethereal multiple dissectors denial of service
  19. ISS X-Force Database: ethereal-ndps-dissector-dos(20514)
    Ethereal NDPS dissector denial of service
  20. ISS X-Force Database: ethereal-q931-dissector-dos(20518)
    Ethereal Q.931 dissector denial of service
  21. ISS X-Force Database: ethereal-iax2-dissector-dos(20520)
    Ethereal IAX2 dissector denial of service
  22. ISS X-Force Database: ethereal-megaco-dissector-dos(20521)
    Ethereal MEGACO dissector denial of service
  23. ISS X-Force Database: ethereal-dlsw-dissector-dos(20523)
    Ethereal DLSW dissector denial of service
  24. ISS X-Force Database: ethereal-ncp-dissector-dos(20526)
    Ethereal NCP dissector denial of service
  25. ISS X-Force Database: ethereal-radius-dissector-dos(20527)
    Ethereal RADIUS dissector denial of service
  26. ISS X-Force Database: ethereal-gsm-dissector-dos(20528)
    Ethereal GSM dissector denial of service
  27. ISS X-Force Database: ethereal-smbpipe-dissector-dos(20529)
    Ethereal SMB PIPE dissector denial of service
  28. ISS X-Force Database: ethereal-l2tp-dissector-dos(20530)
    Ethereal L2TP dissector denial of service
  29. ISS X-Force Database: ethereal-smb-netlogon-dissector-dos(20547)
    Ethereal SMB NETLOGON dissector denial of service
  30. ISS X-Force Database: ethereal-mrdisc-dissector-dos(20548)
    Ethereal MRDISC dissector denial of service
  31. ISS X-Force Database: ethereal-isup-dissector-dos(20549)
    Ethereal ISUP dissector denial of service
  32. ISS X-Force Database: ethereal-tcap-dissector-dos(20551)
    Ethereal TCAP dissector denial of service
  33. ISS X-Force Database: ethereal-presentation-dissector-dos(20552)
    Ethereal Presentation dissector denial of service
  34. ISS X-Force Database: ethereal-multiple-dissector-dos(20553)
    Ethereal multiple dissector denial of service

JPCERT REPORT: JPCERT-WR-2005-2101 ( 2005-06-01 )
CIAC Bulletin: P-207 Ethereal Security Update ( 2005-05-24 )
CVE:
2005-1456 [CVE+]
2005-1457 [CVE+]
2005-1458 [CVE+] XF20459
2005-1459 [CVE+] XF20551,XF20464,XF20547,XF20475,XF20514,XF20520,XF20473,XF20548,XF20529,XF20527
2005-1460 [CVE+] XF20553
2005-1461 [CVE+] XF20518,XF20549,XF20521,XF20526,XF20456,XF20552,XF20494,XF20493,XF20454,XF20447
2005-1462 [CVE+]
2005-1463 [CVE+] XF20448
2005-1464 [CVE+] XF20488,XF20459,XF20530,XF20523,XF20460,XF20521,XF20491
2005-1465 [CVE+] XF20526
2005-1466 [CVE+] XF20485
2005-1467 [CVE+] XF20514
2005-1468 [CVE+] XF20488,XF20476,XF20475,XF20464,XF20547,XF20518,XF20459
2005-1469 [CVE+] XF20528
2005-1470 [CVE+] XF20463,XF20477,XF20483,XF20549,XF20488

Registered: 11:26 2005/06/05
Updated: 11:26 2005/06/05

Copyright(C) 2002-2009 Keio Univ. All rights reserved.