Yellow Dog Linux Security Announcement
--------------------------------------

Package:      ethereal
Issue Date:   June 06, 2002
Priority:     high
Advisory ID:  YDU-20020606-7

1. Topic:

   Updated ethereal packages are available.

2. Problem:

   "Ethereal is a package designed for monitoring network traffic on your system. Several security issues have been found in Ethereal:

   Due to improper string and error handling in Ethereal's ASN.1 parser, it is possible for a malformed SNMP or LDAP packet to cause a memory allocation or buffer overrun error in Ethereal versions before 0.9.2 (CAN-2002-0013 CAN-2002-0012)

   The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields. (CAN-2002-0353)

   The SMB dissector in Ethereal prior to version 0.9.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer. (CAN-2002-0401)

   A buffer overflow in X11 dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. (CAN-2002-0402)

   The DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. (CAN-2002-0403)

   A vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption). (CAN-2002-0404)

   Users of Ethereal should update to the errata packages containing Ethereal version 0.9.4 which is not vulnerable to these issues."

   (from Red Hat Advisory)

3. Solution:

   a) Updating via apt...

   We suggest that you use the apt-get program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system:

       apt-get update
       apt-get install ethereal

   b) Updating manually...

   The update can also be retrieved manually from our ftp site below along with the rpm command that should be used to install the update. (Please use a mirror site)

       ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/ppc/

       rpm -Fvh ucd-snmp-*4.2.3-1.7.2.3.ppc.rpm
       rpm -Fvh ethereal-*0.9.4-0.7.2.0a.ppc.rpm

4. Verification

   MD5 checksum                      Package
   --------------------------------  ----------------------------
   eb784e2d9f8131158372204c90068d78  ppc/ethereal-0.9.4-0.7.2.0a.ppc.rpm
   d5da4c0d0adcd833773ca54e828e37a7  ppc/ethereal-gnome-0.9.4-0.7.2.0a.ppc.rpm
   d791fab4ce42d14f6a703224ec409d06  ppc/ucd-snmp-4.2.3-1.7.2.3.ppc.rpm
   f14ffc4f201b45446c0e9fba30ad68d8  ppc/ucd-snmp-devel-4.2.3-1.7.2.3.ppc.rpm
   ec9f8cfc60770b58904d5c652aeea854  ppc/ucd-snmp-utils-4.2.3-1.7.2.3.ppc.rpm
   d7924b3968cd76707ae4f5f800bab772  SRPMS/ethereal-0.9.4-0.7.2.0a.src.rpm
   61b8b985ab201f067235612c387e94e0  SRPMS/ucd-snmp-4.2.3-1.7.2.3.src.rpm

   If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command:

       rpm --checksig --nogpg filename

5. Misc.

   Terra Soft has set up a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more information.

   For information regarding the usage of apt-get, see:
   http://www.yellowdoglinux.com/support/solutions/ydl_2.2/apt-get.shtml
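
An added example (not part of the original advisory or of Yellow Dog's tooling): a shell function that checks manually downloaded packages against the "MD5 checksum / Package" table in section 4, which rpm --checksig does not consult. It assumes the advisory is saved as plain text with one table row per line, the packages sit in a single download directory, and GNU md5sum is installed; the function name verify_advisory_md5 is hypothetical.

```sh
#!/bin/sh
# Added example: compare downloaded RPMs with the checksum table of an
# advisory saved as plain text (one "<md5> <dir>/<file>.rpm" row per line).
# Usage: verify_advisory_md5 ADVISORY.txt DOWNLOAD_DIR
# Returns 0 only if at least one row was found and every listed package
# is present in DOWNLOAD_DIR with a matching digest; 2 if no rows were found.
verify_advisory_md5() {
    advisory=$1
    dir=$2
    rows=0
    bad=0
    # "|| [ -n "$sum" ]" keeps a final row that lacks a trailing newline.
    while read -r sum path _ || [ -n "$sum" ]; do
        # Keep only rows whose first field is exactly 32 lowercase hex digits;
        # the header and the dashed ruler line fail this test.
        case $sum in
            *[!0-9a-f]*) continue ;;
        esac
        [ "${#sum}" -eq 32 ] || continue
        case $path in
            *.rpm) ;;
            *) continue ;;
        esac
        rows=$((rows + 1))
        name=${path##*/}          # drop the ppc/ or SRPMS/ prefix
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            bad=$((bad + 1))
            continue
        fi
        actual=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done < "$advisory"
    if [ "$rows" -eq 0 ]; then
        echo "no checksum rows found in $advisory" >&2
        return 2
    fi
    [ "$bad" -eq 0 ]
}
```

Packages that are listed but were not downloaded are reported as MISSING and make the check fail. The function compares digests only and, like the --nogpg form of the command above, does not check a package signature.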