Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2005.0599 -- Ethereal Anouncement
Ethereal 0.10.12 is now available
28 July 2005
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Ethereal prior to version 0.10.12
Publisher: Ethereal
Operating System: UNIX variants
Windows
Impact: Execute Arbitrary Code/Commands
Denial of Service
Access: Remote/Unauthenticated
Original Bulletin:
http://www.ethereal.com/lists/ethereal-announce/200507/msg00000.html
- --------------------------BEGIN INCLUDED TEXT--------------------
Ethereal 0.10.12 has been released.
Our testing program has turned up several more security issues:
The LDAP dissector could free static memory and crash.
Versions affected: 0.8.5 to 0.10.11
The AgentX dissector could crash.
Versions affected: 0.10.10 to 0.10.11
The 802.3 dissector could go into an infinite loop.
Versions affected: 0.8.16 to 0.10.11
The PER dissector could abort.
Versions affected: 0.10.5 to 0.10.11
The DHCP dissector could go into an infinite loop.
Versions affected: 0.10.7 to 0.10.11
The BER dissector could abort or loop infinitely.
Version affected: 0.10.11
The MEGACO dissector could go into an infinite loop.
Versions affected: 0.9.14 to 0.10.11
The GIOP dissector could dereference a null pointer.
Versions affected: 0.8.20 to 0.10.11
The SMB dissector was susceptible to a buffer overflow.
Versions affected: 0.9.12 to 0.10.11
The WBXML could dereference a null pointer.
Versions affected: 0.10.1 to 0.10.11
The H1 dissector could go into an infinite loop.
Versions affected: 0.8.15 to 0.10.11
The DOCSIS dissector could cause a crash.
Versions affected: 0.9.13 to 0.10.11
The SMPP dissector could go into an infinite loop.
Versions affected: 0.10.1 to 0.10.11
SCTP graphs could crash.
Version affected: 0.10.11
The HTTP dissector could crash.
Versions affected: 0.10.4 to 0.10.11
The SMB dissector could go into a large loop.
Versions affected: 0.9.0 to 0.10.11
The DCERPC dissector could crash.
Versions affected: 0.9.16 to 0.10.11.
Several dissectors could crash while reassembling packets.
Versions affected: 0.9.0 to 0.10.11
Steve Grubb at Red Hat found the following issues:
The CAMEL dissector could dereference a null pointer.
Version affected: 0.10.11
The DHCP dissector could crash.
Versions affected: 0.10.4 to 0.10.11
The CAMEL dissector could crash.
Versions affected: 0.10.10 to 0.10.11
The PER dissector could crash.
Versions affected: 0.10.10 to 0.10.11
The RADIUS dissector could crash.
Versions affected: 0.9.4 to 0.10.11
The Telnet dissector could crash.
Versions affected: 0.9.10 to 0.10.11
The IS-IS LSP dissector could crash.
Versions affected: 0.8.19 to 0.10.11
The NCP dissector could crash.
Versions affected: 0.9.15 to 0.10.11
iDEFENSE found the following issues:
Several dissectors were susceptible to a format string overflow.
Versions affected: 0.9.4 to 0.10.11
Ethereal uses the zlib compression library. Security vulnerabilities
have been discovered in zlib 1.2.1 and 1.2.2. The Windows installer
now ships with zlib 1.2.3, which fixes these vulnerabilities.
Please see the following advisory for more information:
http://www.ethereal.com/appnotes/enpa-sa-00020.html
Everyone is encouraged to upgrade.
New and updated features
The Windows installer now includes the WinPcap 3.1 beta 4 installer.
You don't have to download and install it separately.
RADIUS dictionaries are now included.
A lot of documentation was updated
Some command line parameters have changed, see the Ethereal / Tethereal
manual pages
A "File/File Set" submenu was added to better handle multiple files
(such as ring buffers).
Flow graphs can now be created for any protocol.
Memory management has been greatly improved.
JXTA has been added to the conversations menu.
When compiled with MIT/Heimdal Kerberos AND if keytab files are
provided, Ethereal can now decrypt and dissect both SecureLDAP and
encrypted DCE/RPC.
TCP Sequence graphs should now work for all captures and all
encapsulation types.
New protocol support
ACSE, ARMAGETRONAD, AudioCodes trunk trace, CSM_ENCAPS, DEC DNA Routing,
DIS, FTAM, iFCP, Juniper PPPoE, MMS, MS MediaServer, MSRP, Parlay,
Synergy, TANGO, WLAN Certificate Extensions
Updated protocol support
802.11 Radiotap, 9P, ACSE, AFP, AgentX, AIM, ANSI MAP, BACapp, BVLC,
Camel, CLNP, CMIP, DCERPC, DCOM, DHCP, DHCP Failover, DHCPv6, DICOM,
DNP, DNS, DOCSIS, EAP, Ethernet, FC ELS, FCIP, FCP, FC-SWILS, GIOP,
GSM A, GSM MAP, GSSAPI, GTP, H1, H.221, H.225, H.235, H.245, H.248,
H.450, HPSW, HTTP, HyperSCSI, ICMP, IEEE 802.11, IEEE 802.3, iFCP,
IP, IPDC, ISAKMP, iSCSI, iSNS, ISUP, JXTA, Kerberos, KINK, LDAP, LLC,
LMP, LWAPP, MEGACO, MGCP, MMSE, NDMP, NDPS, NFS, NTLMSSP, OSI, OSPF,
PER, PPP, PRES, PROFINET, RDT, RMT, RPC, RSVP, Rsync, RTP, RTSP, SCSI,
SCTP, SDP, SIP, SMB, SMPP, SNMP, SPNEGO, SSCOP, SSL, T.38, TCAP, TCP,
Telnet, TFTP, TPKT, UDP, UDVM, UMA, V5UA, WBXML, WSP, XML, YMSG, YPSERV
New and updated capture file support
HP Nettl, Tektronix K12
Download Sites
The source code, Windows and Solaris installers can be downloaded
immediately from the following locations:
Main site:
Source:
http://www.ethereal.com/distribution/ethereal-0.10.12.tar.gz
http://www.ethereal.com/distribution/ethereal-0.10.12.tar.bz2
Windows installer:
http://www.ethereal.com/distribution/win32/ethereal-setup-0.10.12.exe
Solaris installers:
http://www.ethereal.com/distribution/solaris/
SourceForge:
http://sourceforge.net/project/showfiles.php?group_id=255
The mirror sites listed at
http://www.ethereal.com/download.html#releases
should be updated shortly.
Digests
MD5(ethereal-0.10.12.tar.bz2)=372b60e6eca14b7e1cf3e789207027f7
SHA1(ethereal-0.10.12.tar.bz2)=d08ddf9135fd56ac0a2c0dc17436c4e0736590fe
RIPEMD160(ethereal-0.10.12.tar.bz2)=4d974b372a040fb70fdcc264d84f84e77e58247f
MD5(ethereal-0.10.12.tar.gz)=7a8b7f8575e55837dcc18e6199dc1f7d
SHA1(ethereal-0.10.12.tar.gz)=c1120a43987e8fb7ede35ec1136926e0e4a1fbc1
RIPEMD160(ethereal-0.10.12.tar.gz)=aeb725524ab89fc0ace4ed6fd27b2c388b7b011b
MD5(ethereal-setup-0.10.12.exe)=f357bebd1a8ff15dbaa5e71b95d39d58
SHA1(ethereal-setup-0.10.12.exe)=9a2537e2157d69a18e6e4349b96c13516976d5ba
RIPEMD160(ethereal-setup-0.10.12.exe)=f18bdb296c5795a6b1e105ab9ed54d3469d937b4
MD5(ethereal-0.10.12-solaris2.8-sparc-local.bz2)=3a9b0077068f880872f201df53525079
SHA1(ethereal-0.10.12-solaris2.8-sparc-local.bz2)=6f7697cf902598c06b11a2205ec152408697abcf
RIPEMD160(ethereal-0.10.12-solaris2.8-sparc-local.bz2)=710cc53e11764005efb65b4a1f45c8426452a873
MD5(ethereal-0.10.12-solaris2.9-sparc-local.bz2)=7a9f0a3811631a5cb5226d73b54de321
SHA1(ethereal-0.10.12-solaris2.9-sparc-local.bz2)=5bd95735ade47ed5536a89844c2687446bafa919
RIPEMD160(ethereal-0.10.12-solaris2.9-sparc-local.bz2)=3edad3db9235b7da6eeab373995ec9f7956ae5ba
MD5(patch-ethereal-0.10.11-to-0.10.12.diff.bz2)=8b60c0989d5fbf705b02112cce67789a
SHA1(patch-ethereal-0.10.11-to-0.10.12.diff.bz2)=42c5711993b8b7366fc3d7de0964034a8f140a37
RIPEMD160(patch-ethereal-0.10.11-to-0.10.12.diff.bz2)=a90a1f95c7a88c141f2a66feb3fd293d088fd92b
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQuh5Eih9+71yA2DNAQL9XwP/bvt0lV5izZi7ND4VQgxd97WVgfNIBT94
LTJkTYi0mou9aun1YXINfHimnGQW8c8HQTZJiIe/VI0qAeqnbLPOaWN2O6N5+8Cx
vfkd+0ABwBu5Yfpd3FK/PO1FLT/6Ai7tJBxfpEikFww2RwFLujYtSF9gQJvRp7WU
ngTDoAISmSw=
=IxmN
-----END PGP SIGNATURE-----