Archives -2007: archive forum for old messages (read-only).
#1
Member
Joined: May 2003
Location: Francophonie
Posts: 1,211
Host: WWW
Package name: ethereal
Advisory ID: MDKSA-2003:114
Date: December 10th, 2003
Affected versions: 9.1, 9.2
____________________________________
Problem Description:

A number of vulnerabilities were discovered in ethereal that, if exploited, could be used to make ethereal crash or run arbitrary code by injecting malicious malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

A buffer overflow allows attackers to cause a DoS (Denial of Service) and possibly execute arbitrary code using a malformed GTP MSISDN string (CAN-2003-0925).

Likewise, a DoS can be caused by using malformed ISAKMP or MEGACO packets (CAN-2003-0926).

Finally, a heap-based buffer overflow allows attackers to cause a DoS or execute arbitrary code using the SOCKS dissector (CAN-2003-0927).

All three vulnerabilities affect all versions of Ethereal up to and including 0.9.15. This update provides 0.9.16 which corrects all of these issues.

Also note that each vulnerability can be exploited by a remote attacker.
_________________________________
References:

http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0925
http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0926
http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0927
http://www.ethereal.com/appnotes/enpa-sa-00011.html

--
For one who can conquer himself, there is little that can resist him. [Louis XIV] Excerpt from his Memoirs
#2
Pro Member
Joined: June 2003
Location: Reims
Posts: 1,188
Host: Localhost
Yep, this affair made a lot of noise