Ethereal SOCKS解析器格式串溢出漏洞发布时间:2003-03-08 更新时间:2003-03-21 严重程度:高 威胁程度:普通用户访问权限 错误类型:边界检查错误 利用方式:服务器模式 BUGTRAQ ID:7049 CVE(CAN) ID:CAN-2003-0081 受影响系统 Ethereal Group Ethereal 0.8.18详细描述 Ethereal的SOCKS解析器存在一个格式串溢出漏洞。 攻击者可以连接到一个SOCKS服务器,并且发送一些恶意的格式串给SOCKS服务器,如果网络上有Ethereal在监听网络数据包,运行Ethereal的机器就会发生格式串溢出。精心构建的数据可能以Ethereal进程权限在系统上执行任意指令。 解决方案 Ethereal Group Ethereal 0.8.18: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9 .0: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.1: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.2: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.3: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.4: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Debian Upgrade ethereal-common_0.9.4-1woody3_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_alpha.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-common_0.9.4-1woody3_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_arm.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-common_0.9.4-1woody3_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_hppa.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-common_0.9.4-1woody3_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_i386.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-common_0.9.4-1woody3_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_ia64.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-common_0.9.4-1woody3_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_m68k.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-common_0.9.4-1woody3_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_mips.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-common_0.9.4-1woody3_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_mipsel.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-common_0.9.4-1woody3_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_powerpc.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-common_0.9.4-1woody3_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_s390.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-common_0.9.4-1woody3_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_sparc.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_alpha.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_arm.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_hppa.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_i386.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_ia64.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_m68k.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_mips.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_mipsel.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_powerpc.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_s390.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal-dev_0.9.4-1woody3_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_sparc.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_alpha.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_arm.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_hppa.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_i386.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_ia64.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_m68k.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_mips.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_mipsel.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_powerpc.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_s390.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade tethereal_0.9.4-1woody3_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_sparc.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_alpha.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_arm.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_hppa.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_i386.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_ia64.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_m68k.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_mips.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_mipsel.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_powerpc.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_s390.deb Debian GNU/Linux 3.0 alias woody Debian Upgrade ethereal_0.9.4-1woody3_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_sparc.deb Debian GNU/Linux 3.0 alias woody Ethereal Group Ethereal 0.9.5: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.6: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz S.u.S.E. Upgrade ethereal-0.9.6-57.sparc.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/ethereal-0.9.6-57.sparc.rpm SuSE-7.3 S.u.S.E. Upgrade ethereal-0.9.6-57.src.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/ethereal-0.9.6-57.src.rpm SuSE-7.3 S.u.S.E. Upgrade ethereal-0.9.6-80.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/ethereal-0.9.6-80.alpha.rpm SuSE-7.1 S.u.S.E. Upgrade ethereal-0.9.6-80.src.rpm ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/ethereal-0.9.6-80.src.rpm SuSE-7.1 S.u.S.E. Upgrade ethereal-0.9.6-90.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/ethereal-0.9.6-90.ppc.rpm SuSE-7.3 S.u.S.E. Upgrade ethereal-0.9.6-90.src.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/ethereal-0.9.6-90.src.rpm SuSE-7.3 S.u.S.E. Upgrade ethereal-0.9.6-92.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/ethereal-0.9.6-92.ppc.rpm SuSE-7.1 S.u.S.E. Upgrade ethereal-0.9.6-92.src.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/ethereal-0.9.6-92.src.rpm SuSE-7.1 S.u.S.E. Upgrade ethereal-0.9.6-152.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/ethereal-0.9.6-152.i586.patch.rpm SuSE-8.1 S.u.S.E. Upgrade ethereal-0.9.6-152.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/ethereal-0.9.6-152.i586.rpm SuSE-8.1 S.u.S.E. Upgrade ethereal-0.9.6-152.src.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/ethereal-0.9.6-152.src.rpm SuSE-8.1 S.u.S.E. Upgrade ethereal-0.9.6-153.i386.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/ethereal-0.9.6-153.i386.patch.rpm SuSE-8.0 S.u.S.E. Upgrade ethereal-0.9.6-153.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/ethereal-0.9.6-153.i386.rpm SuSE-8.0 S.u.S.E. Upgrade ethereal-0.9.6-153.src.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/ethereal-0.9.6-153.src.rpm SuSE-8.0 S.u.S.E. Upgrade ethereal-0.9.6-154.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ethereal-0.9.6-154.i386.rpm SuSE-7.3 S.u.S.E. Upgrade ethereal-0.9.6-154.src.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/ethereal-0.9.6-154.src.rpm SuSE-7.3 S.u.S.E. Upgrade ethereal-0.9.6-155.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/ethereal-0.9.6-155.i386.rpm SuSE-7.2 S.u.S.E. Upgrade ethereal-0.9.6-155.src.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/ethereal-0.9.6-155.src.rpm SuSE-7.2 S.u.S.E. Upgrade ethereal-0.9.6-156.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/ethereal-0.9.6-156.i386.rpm SuSE-7.1 S.u.S.E. Upgrade ethereal-0.9.6-156.src.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/ethereal-0.9.6-156.src.rpm SuSE-7.1 Ethereal Group Ethereal 0.9.7: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.8: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.9: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz 相关信息 报告:Georgi Guninski 相关信息:http://online.securityfocus.com/advisories/5076 http://online.securityfocus.com/advisories/5082 http://online.securityfocus.com/advisories/5148 |
