Operating System:

Published:

15 March 2005

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                ESB-2005.0216 -- Ethereal Security Advisory
            New ethereal version fixes multiple security issues
                               15 March 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Ethereal
Operating System:  Windows
                   Linux variants
                   UNIX variants
Impact:            Execute Arbitrary Code/Commands
                   Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0699 CAN-2005-0704 CAN-2005-0705

Original Bulletin: http://www.ethereal.com/appnotes/enpa-sa-00018.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ethereal 0.10.10 has been released.

This release fixes the following security and stability-related issues:

  Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
  (CAN-2005-0704)

  The GPRS-LLC dissector could crash if the "ignore cipher bit" option
  was enabled. (CAN-2005-0705)

  Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.
  This flaw was later reported by Leon Juranic. (CAN-2005-0699)

  Leon Juranic discovered a buffer overflow in the IAPP dissector.

  A bug in the JXTA dissector could make Ethereal crash.

  A bug in the sFlow dissector could make Ethereal crash.


Please see the following advisory for more information:

    http://www.ethereal.com/appnotes/enpa-sa-00018.html

Everyone is encouraged to upgrade.


New and updated features

  Tree view item context menus now let you browse to the display filter
  reference and wiki pages for a particular protocol.

  Online help has been expanded.

  VoIP call analysis (including nifty connection diagrams) has been
  added.

  GSS-API decryption has been greatly enhanced.


New protocol support

  AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol,
  Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP


Updated protocol support

  3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2,
  DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella,
  GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ,
  IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper,
  JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID,
  PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP,
  SPNEGO, SSL, STUN, TCAP, TCP, TZSP


New and updated capture file support

  DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)


Download Sites

  The source code, Windows and Solaris installers can be downloaded
  immediately from the following locations:

Main site:

Source:

  http://www.ethereal.com/distribution/ethereal-0.10.10.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.10.10.tar.bz2

Windows installer:

  http://www.ethereal.com/distribution/win32/ethereal-setup-0.10.10.exe

Solaris installers:

  http://www.ethereal.com/distribution/solaris/

SourceForge:

  http://sourceforge.net/project/showfiles.php?group_id=255


The mirror sites listed at

  http://www.ethereal.com/download.html#releases

should be updated shortly.


Digests

MD5(ethereal-0.10.10.tar.bz2)=5addaf1db088a8b51941e4db191b0ab0
SHA1(ethereal-0.10.10.tar.bz2)=611259edaf36a34a49331ed6fbc194c2407bd528
RIPEMD160(ethereal-0.10.10.tar.bz2)=1867f061c704482ea15c78077d3289ac67984001

MD5(ethereal-0.10.10.tar.gz)=e6b74468412c17bb66cd459bfb61471c
SHA1(ethereal-0.10.10.tar.gz)=5cf7ca783f5e9d0a142519110d188a8c83458cf4
RIPEMD160(ethereal-0.10.10.tar.gz)=2d0f5e6355a10251bdcccd1f4477404a21815b12

MD5(ethereal-setup-0.10.10.exe)=07f50aae1d4a746c1a0fbd3b73daa6c0
SHA1(ethereal-setup-0.10.10.exe)=d7dbaa39399f862699c02f12c660d1905a9a156e
RIPEMD160(ethereal-setup-0.10.10.exe)=03f87256a16619415a8967ae7af7f2614c99e652

MD5(ethereal-0.10.10-solaris2.8-sparc-local.bz2)=80d84ef7732c7db71241faffb5f5f666
SHA1(ethereal-0.10.10-solaris2.8-sparc-local.bz2)=3af9ca8b1f7e682cd7fc8b4954d6887573a7ef83
RIPEMD160(ethereal-0.10.10-solaris2.8-sparc-local.bz2)=afe94928803f2aa3802890b04fce49b23898437b

MD5(ethereal-0.10.10-solaris2.9-sparc-local.bz2)=6ad4ab78611849fb950bc65d5f076783
SHA1(ethereal-0.10.10-solaris2.9-sparc-local.bz2)=c05261056e278cebcce9a94c6f23881f6b33e871
RIPEMD160(ethereal-0.10.10-solaris2.9-sparc-local.bz2)=88bc48174f39e7603b0111a645500f8935e7ee42

MD5(patch-ethereal-0.10.9-to-0.10.10.diff.bz2)=1858d6d6b7a70491e2f61f30c3f25eb9
SHA1(patch-ethereal-0.10.9-to-0.10.10.diff.bz2)=df6aef42cc576f27cb70ce4f5a353d8a845b5f24
RIPEMD160(patch-ethereal-0.10.9-to-0.10.10.diff.bz2)=572fc3755ec61c28241193d6c115a37d96607bde

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCMeGykXaEuZt2wEERAqHqAJ9KmBC4q0aKSdEJIYDSZdvGRbpFdQCeI12a
wFdzcak3srZdXPYTKs4O94w=
=TZoX
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQjZTuSh9+71yA2DNAQKEgAP5AZSksI6U724htHLdp3oGUaqPb4y5d871
5ixVW0gHhvUQulPpelOu8enJYB5740oWzOc2uu0/y4OPGCUBky8r+cbtFATUUhu1
YZsnP5BBS8/dcU4DI9ino9E+ud1zMsSMB5yXRte7GsUHxHtES8WwIsEKunTBVGN4
fEvO1dlbBfA=
=xlhl
-----END PGP SIGNATURE-----