Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2005.0599 -- Ethereal Anouncement Ethereal 0.10.12 is now available 28 July 2005 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Ethereal prior to version 0.10.12 Publisher: Ethereal Operating System: UNIX variants Windows Impact: Execute Arbitrary Code/Commands Denial of Service Access: Remote/Unauthenticated Original Bulletin: http://www.ethereal.com/lists/ethereal-announce/200507/msg00000.html - --------------------------BEGIN INCLUDED TEXT-------------------- Ethereal 0.10.12 has been released. Our testing program has turned up several more security issues: The LDAP dissector could free static memory and crash. Versions affected: 0.8.5 to 0.10.11 The AgentX dissector could crash. Versions affected: 0.10.10 to 0.10.11 The 802.3 dissector could go into an infinite loop. Versions affected: 0.8.16 to 0.10.11 The PER dissector could abort. Versions affected: 0.10.5 to 0.10.11 The DHCP dissector could go into an infinite loop. Versions affected: 0.10.7 to 0.10.11 The BER dissector could abort or loop infinitely. Version affected: 0.10.11 The MEGACO dissector could go into an infinite loop. Versions affected: 0.9.14 to 0.10.11 The GIOP dissector could dereference a null pointer. Versions affected: 0.8.20 to 0.10.11 The SMB dissector was susceptible to a buffer overflow. Versions affected: 0.9.12 to 0.10.11 The WBXML could dereference a null pointer. Versions affected: 0.10.1 to 0.10.11 The H1 dissector could go into an infinite loop. Versions affected: 0.8.15 to 0.10.11 The DOCSIS dissector could cause a crash. Versions affected: 0.9.13 to 0.10.11 The SMPP dissector could go into an infinite loop. Versions affected: 0.10.1 to 0.10.11 SCTP graphs could crash. Version affected: 0.10.11 The HTTP dissector could crash. Versions affected: 0.10.4 to 0.10.11 The SMB dissector could go into a large loop. Versions affected: 0.9.0 to 0.10.11 The DCERPC dissector could crash. Versions affected: 0.9.16 to 0.10.11. Several dissectors could crash while reassembling packets. Versions affected: 0.9.0 to 0.10.11 Steve Grubb at Red Hat found the following issues: The CAMEL dissector could dereference a null pointer. Version affected: 0.10.11 The DHCP dissector could crash. Versions affected: 0.10.4 to 0.10.11 The CAMEL dissector could crash. Versions affected: 0.10.10 to 0.10.11 The PER dissector could crash. Versions affected: 0.10.10 to 0.10.11 The RADIUS dissector could crash. Versions affected: 0.9.4 to 0.10.11 The Telnet dissector could crash. Versions affected: 0.9.10 to 0.10.11 The IS-IS LSP dissector could crash. Versions affected: 0.8.19 to 0.10.11 The NCP dissector could crash. Versions affected: 0.9.15 to 0.10.11 iDEFENSE found the following issues: Several dissectors were susceptible to a format string overflow. Versions affected: 0.9.4 to 0.10.11 Ethereal uses the zlib compression library. Security vulnerabilities have been discovered in zlib 1.2.1 and 1.2.2. The Windows installer now ships with zlib 1.2.3, which fixes these vulnerabilities. Please see the following advisory for more information: http://www.ethereal.com/appnotes/enpa-sa-00020.html Everyone is encouraged to upgrade. New and updated features The Windows installer now includes the WinPcap 3.1 beta 4 installer. You don't have to download and install it separately. RADIUS dictionaries are now included. A lot of documentation was updated Some command line parameters have changed, see the Ethereal / Tethereal manual pages A "File/File Set" submenu was added to better handle multiple files (such as ring buffers). Flow graphs can now be created for any protocol. Memory management has been greatly improved. JXTA has been added to the conversations menu. When compiled with MIT/Heimdal Kerberos AND if keytab files are provided, Ethereal can now decrypt and dissect both SecureLDAP and encrypted DCE/RPC. TCP Sequence graphs should now work for all captures and all encapsulation types. New protocol support ACSE, ARMAGETRONAD, AudioCodes trunk trace, CSM_ENCAPS, DEC DNA Routing, DIS, FTAM, iFCP, Juniper PPPoE, MMS, MS MediaServer, MSRP, Parlay, Synergy, TANGO, WLAN Certificate Extensions Updated protocol support 802.11 Radiotap, 9P, ACSE, AFP, AgentX, AIM, ANSI MAP, BACapp, BVLC, Camel, CLNP, CMIP, DCERPC, DCOM, DHCP, DHCP Failover, DHCPv6, DICOM, DNP, DNS, DOCSIS, EAP, Ethernet, FC ELS, FCIP, FCP, FC-SWILS, GIOP, GSM A, GSM MAP, GSSAPI, GTP, H1, H.221, H.225, H.235, H.245, H.248, H.450, HPSW, HTTP, HyperSCSI, ICMP, IEEE 802.11, IEEE 802.3, iFCP, IP, IPDC, ISAKMP, iSCSI, iSNS, ISUP, JXTA, Kerberos, KINK, LDAP, LLC, LMP, LWAPP, MEGACO, MGCP, MMSE, NDMP, NDPS, NFS, NTLMSSP, OSI, OSPF, PER, PPP, PRES, PROFINET, RDT, RMT, RPC, RSVP, Rsync, RTP, RTSP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SPNEGO, SSCOP, SSL, T.38, TCAP, TCP, Telnet, TFTP, TPKT, UDP, UDVM, UMA, V5UA, WBXML, WSP, XML, YMSG, YPSERV New and updated capture file support HP Nettl, Tektronix K12 Download Sites The source code, Windows and Solaris installers can be downloaded immediately from the following locations: Main site: Source: http://www.ethereal.com/distribution/ethereal-0.10.12.tar.gz http://www.ethereal.com/distribution/ethereal-0.10.12.tar.bz2 Windows installer: http://www.ethereal.com/distribution/win32/ethereal-setup-0.10.12.exe Solaris installers: http://www.ethereal.com/distribution/solaris/ SourceForge: http://sourceforge.net/project/showfiles.php?group_id=255 The mirror sites listed at http://www.ethereal.com/download.html#releases should be updated shortly. Digests MD5(ethereal-0.10.12.tar.bz2)=372b60e6eca14b7e1cf3e789207027f7 SHA1(ethereal-0.10.12.tar.bz2)=d08ddf9135fd56ac0a2c0dc17436c4e0736590fe RIPEMD160(ethereal-0.10.12.tar.bz2)=4d974b372a040fb70fdcc264d84f84e77e58247f MD5(ethereal-0.10.12.tar.gz)=7a8b7f8575e55837dcc18e6199dc1f7d SHA1(ethereal-0.10.12.tar.gz)=c1120a43987e8fb7ede35ec1136926e0e4a1fbc1 RIPEMD160(ethereal-0.10.12.tar.gz)=aeb725524ab89fc0ace4ed6fd27b2c388b7b011b MD5(ethereal-setup-0.10.12.exe)=f357bebd1a8ff15dbaa5e71b95d39d58 SHA1(ethereal-setup-0.10.12.exe)=9a2537e2157d69a18e6e4349b96c13516976d5ba RIPEMD160(ethereal-setup-0.10.12.exe)=f18bdb296c5795a6b1e105ab9ed54d3469d937b4 MD5(ethereal-0.10.12-solaris2.8-sparc-local.bz2)=3a9b0077068f880872f201df53525079 SHA1(ethereal-0.10.12-solaris2.8-sparc-local.bz2)=6f7697cf902598c06b11a2205ec152408697abcf RIPEMD160(ethereal-0.10.12-solaris2.8-sparc-local.bz2)=710cc53e11764005efb65b4a1f45c8426452a873 MD5(ethereal-0.10.12-solaris2.9-sparc-local.bz2)=7a9f0a3811631a5cb5226d73b54de321 SHA1(ethereal-0.10.12-solaris2.9-sparc-local.bz2)=5bd95735ade47ed5536a89844c2687446bafa919 RIPEMD160(ethereal-0.10.12-solaris2.9-sparc-local.bz2)=3edad3db9235b7da6eeab373995ec9f7956ae5ba MD5(patch-ethereal-0.10.11-to-0.10.12.diff.bz2)=8b60c0989d5fbf705b02112cce67789a SHA1(patch-ethereal-0.10.11-to-0.10.12.diff.bz2)=42c5711993b8b7366fc3d7de0964034a8f140a37 RIPEMD160(patch-ethereal-0.10.11-to-0.10.12.diff.bz2)=a90a1f95c7a88c141f2a66feb3fd293d088fd92b - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQuh5Eih9+71yA2DNAQL9XwP/bvt0lV5izZi7ND4VQgxd97WVgfNIBT94 LTJkTYi0mou9aun1YXINfHimnGQW8c8HQTZJiIe/VI0qAeqnbLPOaWN2O6N5+8Cx vfkd+0ABwBu5Yfpd3FK/PO1FLT/6Ai7tJBxfpEikFww2RwFLujYtSF9gQJvRp7WU ngTDoAISmSw= =IxmN -----END PGP SIGNATURE-----