Vendor Status Note JVNCIAC-Q-030

Vulnerabilities in Ethereal


Ethereal versions 0.7.7 through 0.10.12 contain vulnerabilities in the processing of certain packets.

 - Ethereal versions 0.7.7 through 0.10.12


A remote third party may be able to obtain the privileges of the user running Ethereal (typically root).


Multiple problems in Ethereal versions 0.7.7 to 0.10.12

  1. ISS X-Force Database: pcre-pcrecompile-bo(21970)
    PCRE Library pcre_compile.c buffer overflow
  2. ISS X-Force Database: ethereal-slimp3-dissector-bo(22793)
    Ethereal SLIMP3 dissector buffer overflow
  3. ISS X-Force Database: ethereal-isakmp-dissector-dos(22794)
    Ethereal ISAKMP dissector denial of service
  4. ISS X-Force Database: ethereal-fcfcs-dissector-dos(22795)
    Ethereal Fc-FCS dissector denial of service
  5. ISS X-Force Database: ethereal-rsvp-memory-dos(22796)
    Ethereal RSVP dissector memory denial of service
  6. ISS X-Force Database: ethereal-isislsp-dissector-dos(22797)
    Ethereal ISIS LSP dissector denial of service
  7. ISS X-Force Database: ethereal-irda-dissector-dos(22798)
    Ethereal IrDA dissector denial of service
  8. ISS X-Force Database: ethereal-berdissector-dos(22799)
    Ethereal BER dissector denial of service
  9. ISS X-Force Database: ethereal-scsi-dissector-dos(22800)
    Ethereal SCSI dissector denial of service
  10. ISS X-Force Database: ethereal-oncrpc-dissector-dos(22801)
    Ethereal ONC RPC dissector denial of service
  11. ISS X-Force Database: ethereal-sflow-dissector-dos(22802)
    Ethereal sFlow dissector denial of service
  12. ISS X-Force Database: ethereal-rtnet-dissector-dos(22803)
    Ethereal RTnet dissector denial of service
  13. ISS X-Force Database: ethereal-sigcomp-udvm-dos(22806)
    Ethereal SigComp UDVM denial of service
  14. ISS X-Force Database: ethereal-smb-transaction-dos(22808)
    Ethereal SMB transaction denial of service
  15. ISS X-Force Database: ethereal-x11-dissector-dos(22810)
    Ethereal X11 dissector denial of service
  16. ISS X-Force Database: ethereal-agentx-dissector-bo(22811)
    Ethereal AgentX dissector buffer overflow
  17. ISS X-Force Database: ethereal-wspdissector-dos(22812)
    Ethereal WSP dissector denial of service
  18. ISS X-Force Database: ethereal-srvloc-dissector-bo(22813)
    Ethereal SRVLOC dissector buffer overflow

JPCERT REPORT: JPCERT-WR-2005-4201 ( 2005-10-26 )
CIAC Bulletin: Q-030 Multiple Problems in Ethereal Versions 0.7.7 to 0.10.12 ( 2005-10-21 )
CVE:
  2005-3241 [CVE+] XF22797, XF22796, XF22795, XF22794
  2005-3242 [CVE+] XF22798, XF22808
  2005-3243 [CVE+] XF22811, XF22793
  2005-3244 [CVE+] XF22799
  2005-3245 [CVE+] XF22801
  2005-3246 [CVE+] XF22803, XF22802, XF22800
  2005-3247 [CVE+] XF22806
  2005-3248 [CVE+] XF22810
  2005-3249 [CVE+] XF22812
  2005-3184 [CVE+] XF22813
  2005-2491 [CVE+] XF21970

Registered: 22:07 2005/10/29
Updated: 22:07 2005/10/29

Copyright(C) 2002-2009 Keio Univ. All rights reserved.