Skip Quicknav

• About Debian
• News
• Getting Debian
• Support
• Developers' Corner
• Site map
• Search

Debian Security Advisory

DSA-1049-1 ethereal -- several vulnerabilities

Date Reported:

02 May 2006

Affected Packages:

ethereal

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 17682.
In Mitre's CVE dictionary: CVE-2006-1932, CVE-2006-1933, CVE-2006-1934, CVE-2006-1935, CVE-2006-1936, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940.

More information:

Gerald Combs reported several vulnerabilities in ethereal, a popular network traffic analyser. The Common Vulnerabilities and Exposures project identifies the following problems:

• CVE-2006-1932

  The OID printing routine is susceptible to an off-by-one error.

• CVE-2006-1933

  The UMA and BER dissectors could go into an infinite loop.

• CVE-2006-1934

  The Network Instruments file code could overrun a buffer.

• CVE-2006-1935

  The COPS dissector contains a potential buffer overflow.

• CVE-2006-1936

  The telnet dissector contains a buffer overflow.

• CVE-2006-1937

  Bugs in the SRVLOC and AIM dissector, and in the statistics counter could crash ethereal.

• CVE-2006-1938

  Null pointer dereferences in the SMB PIPE dissector and when reading a malformed Sniffer capture could crash ethereal.

• CVE-2006-1939

  Null pointer dereferences in the ASN.1, GSM SMS, RPC and ASN.1-based dissector and an invalid display filter could crash ethereal.

• CVE-2006-1940

  The SNDCP dissector could cause an unintended abortion.

For the old stable distribution (woody) these problems have been fixed in version 0.9.4-1woody15.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge5.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your ethereal packages.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15.dsc

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15.diff.gz

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_alpha.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_alpha.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_alpha.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_arm.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_arm.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_arm.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_i386.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_i386.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_i386.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_ia64.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_ia64.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_ia64.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_ia64.deb

HPPA:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_hppa.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_hppa.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_hppa.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_m68k.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_m68k.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_m68k.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_mips.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_mips.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_mips.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_mipsel.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_mipsel.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_mipsel.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_powerpc.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_powerpc.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_powerpc.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_s390.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_s390.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_s390.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_sparc.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_sparc.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_sparc.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Source:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5.dsc

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5.diff.gz

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_alpha.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_alpha.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_alpha.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_alpha.deb

AMD64:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_amd64.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_amd64.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_amd64.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_amd64.deb

ARM:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_arm.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_arm.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_arm.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_i386.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_i386.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_i386.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_ia64.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_ia64.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_ia64.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_ia64.deb

HPPA:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_hppa.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_hppa.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_hppa.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_m68k.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_m68k.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_m68k.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_mips.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_mips.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_mips.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_mipsel.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_mipsel.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_mipsel.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_powerpc.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_powerpc.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_powerpc.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_s390.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_s390.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_s390.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_sparc.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_sparc.deb

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_sparc.deb

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

This page is also available in the following languages:

dansk Deutsch español français 日本語 (Nihongo) svenska

How to set the default document language