Ethereal 多个缓冲区溢出漏洞

CNNVD-ID编号	CNNVD-200604-446
CVE编号	CVE-2006-1934
发布时间	2006-04-25
更新时间	2006-04-26
漏洞类型	缓冲区溢出
漏洞来源	Coverity discovered some issues. The vendor also disclosed other issues.
危险等级	中危
威胁类型	远程
厂商	ethereal_group

漏洞介绍

Ethereal 0.10.x至0.10.14版本中存在多个缓冲区溢出。这使得远程攻击者可以借助于(1)ALCAP解析器、(2)Network Instruments文件代码或(3)NetXray/Windows Sniffer文件代码造成拒绝服务(崩溃)并可能执行任意代码。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Ethereal Group Ethereal 0.10 .10

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10.1

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10.11

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

RedHat ethereal-0.99.0-fc4.1.i386.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat ethereal-0.99.0-fc4.1.ppc.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat ethereal-0.99.0-fc4.1.src.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat ethereal-0.99.0-fc4.1.x86_64.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat ethereal-debuginfo-0.99.0-fc4.1.i386.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat ethereal-debuginfo-0.99.0-fc4.1.ppc.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat ethereal-debuginfo-0.99.0-fc4.1.x86_64.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat ethereal-gnome-0.99.0-fc4.1.i386.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat ethereal-gnome-0.99.0-fc4.1.ppc.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat ethereal-gnome-0.99.0-fc4.1.x86_64.rpm

Fedora Core 4

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

Ethereal Group Ethereal 0.10.13

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10.2

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10.3

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10.4

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10.5

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10.6

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10.7

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10.8

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.10.9

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.8.5

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.1

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.11

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.12

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.13

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.15

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.16

Ethereal Group Ethereal 0.99.0

http://www.ethereal.com/download.html

参考网址

来源: VUPEN

名称: ADV-2006-1501

链接：http://www.frsirt.com/english/advisories/2006/1501
来源: www.ethereal.com

链接：http://www.ethereal.com/appnotes/enpa-sa-00023.html
来源: XF

名称: ethereal-netxwin-sniffer-bo(26027)

链接：http://xforce.iss.net/xforce/xfdb/26027
来源: XF

名称: ethereal-net-instr-bo(26026)

链接：http://xforce.iss.net/xforce/xfdb/26026
来源: XF

名称: ethereal-alcap-dissector-bo(26014)

链接：http://xforce.iss.net/xforce/xfdb/26014
来源: BID

名称: 17682

链接：http://www.securityfocus.com/bid/17682
来源: REDHAT

名称: RHSA-2006:0420

链接：http://www.redhat.com/support/errata/RHSA-2006-0420.html
来源: FEDORA

名称: FEDORA-2006-461

链接：http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00195.html
来源: FEDORA

名称: FEDORA-2006-456

链接：http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00194.html
来源: MANDRIVA

名称: MDKSA-2006:077

链接：http://www.mandriva.com/security/advisories?name=MDKSA-2006:077
来源: GENTOO

名称: GLSA-200604-17

链接：http://www.gentoo.org/security/en/glsa/glsa-200604-17.xml
来源: DEBIAN

名称: DSA-1049

链接：http://www.debian.org/security/2006/dsa-1049
来源: support.avaya.com

链接：http://support.avaya.com/elmodocs2/security/ASA-2006-128.htm
来源: SECTRACK

名称: 1015985

链接：http://securitytracker.com/id?1015985
来源: SECUNIA

名称: 20944

链接：http://secunia.com/advisories/20944
来源: SECUNIA

名称: 20210

链接：http://secunia.com/advisories/20210
来源: SECUNIA

名称: 20117

链接：http://secunia.com/advisories/20117
来源: SECUNIA

名称: 19962

链接：http://secunia.com/advisories/19962
来源: SECUNIA

名称: 19958

链接：http://secunia.com/advisories/19958
来源: SECUNIA

名称: 19839

链接：http://secunia.com/advisories/19839
来源: SECUNIA

名称: 19828

链接：http://secunia.com/advisories/19828
来源: SECUNIA

名称: 19805

链接：http://secunia.com/advisories/19805
来源: SECUNIA

名称: 19769

链接：http://secunia.com/advisories/19769
来源: SUSE

名称: SUSE-SR:2006:010

链接：http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
来源: MANDRIVA

名称: MDKSA-2006:077

链接：http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:077

受影响实体

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-446