• info
• discussion
• exploit
• solution
• references

Ethereal ISIS Dissector Memory Corruption Vulnerability

Solution:
FreeBSD has released an updated version of ports which contains version 0.9.6 of Ethereal. The new version of ports may be downloaded from a ports mirror, and the fixed version of Ethereal installed from source. See referenced advisory for more information.

Gentoo Linux advises users running ethereal to update their systems with the following commands:

emerge rsync
emerge ethereal
emerge clean

This issue has been addressed in Ethereal 0.9.6. Those affected by this vulnerability are advised to upgrade.

Debian has released fixes (see advisory DSA-162-1, http://online.securityfocus.com/advisories/4451).


Ethereal Group Ethereal 0.8

• Debian ethereal_0.8.0-4potato.1.diff.gz
  Diff to be applied to ethereal_0.8.0.orig.tar.gz.
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0 -4potato.1.diff.gz


• Debian ethereal_0.8.0-4potato.1_alpha.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0 -4potato.1_alpha.deb


• Debian ethereal_0.8.0-4potato.1_arm.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0 -4potato.1_arm.deb


• Debian ethereal_0.8.0-4potato.1_m68k.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0 -4potato.1_m68k.deb


• Debian ethereal_0.8.0-4potato.1_powerpc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0 -4potato.1_powerpc.deb


• Debian ethereal_0.8.0-4potato.1_sparc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0 -4potato.1_sparc.deb

Ethereal Group Ethereal 0.9

• Ethereal Group ethereal-0.9.6.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.6.tar.gz

Ethereal Group Ethereal 0.9.1

• Ethereal Group ethereal-0.9.6.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.6.tar.gz

Ethereal Group Ethereal 0.9.2

• Ethereal Group ethereal-0.9.6.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.6.tar.gz

Ethereal Group Ethereal 0.9.3

• Ethereal Group ethereal-0.9.6.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.6.tar.gz


• Red Hat ethereal-0.9.6-0.6x.1.alpha.rpm
  ftp://updates.redhat.com/6.2/en/powertools/alpha/ethereal-0.9.6-0.6x.1 .alpha.rpm


• Red Hat ethereal-0.9.6-0.6x.1.i386.rpm
  ftp://updates.redhat.com/6.2/en/powertools/i386/ethereal-0.9.6-0.6x.1. i386.rpm


• Red Hat ethereal-0.9.6-0.70.1.alpha.rpm
  ftp://updates.redhat.com/7.0/en/powertools/alpha/ethereal-0.9.6-0.70.1 .alpha.rpm


• Red Hat ethereal-0.9.6-0.70.1.i386.rpm
  ftp://updates.redhat.com/7.0/en/powertools/i386/ethereal-0.9.6-0.70.1. i386.rpm


• Red Hat ethereal-0.9.6-0.71.0.alpha.rpm
  ftp://updates.redhat.com/7.1/en/powertools/alpha/ethereal-0.9.6-0.71.0 .alpha.rpm


• Red Hat ethereal-0.9.6-0.71.0.i386.rpm
  ftp://updates.redhat.com/7.1/en/powertools/i386/ethereal-0.9.6-0.71.0. i386.rpm

Ethereal Group Ethereal 0.9.4

• Conectiva ethereal-0.9.11-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ethereal-0.9.11-1U60_1cl. i386.rpm


• Conectiva ethereal-0.9.11-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ethereal-0.9.11-1U70_1cl. i386.rpm


• Conectiva ethereal-0.9.11-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-0.9.11-1U80_1cl.i3 86.rpm


• Conectiva ethereal-common-0.9.11-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-common-0.9.11-1U80 _1cl.i386.rpm


• Conectiva ethereal-gtk-0.9.11-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-gtk-0.9.11-1U80_1c l.i386.rpm


• Conectiva ethereal-utils-0.9.11-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-utils-0.9.11-1U80_ 1cl.i386.rpm


• Conectiva tethereal-0.9.11-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/tethereal-0.9.11-1U80_1cl.i 386.rpm


• Debian ethereal-common_0.9.4-1woody2_alpha.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_alpha.deb


• Debian ethereal-common_0.9.4-1woody2_arm.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_arm.deb


• Debian ethereal-common_0.9.4-1woody2_hppa.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_hppa.deb


• Debian ethereal-common_0.9.4-1woody2_i386.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_i386.deb


• Debian ethereal-common_0.9.4-1woody2_ia64.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_ia64.deb


• Debian ethereal-common_0.9.4-1woody2_m68k.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_m68k.deb


• Debian ethereal-common_0.9.4-1woody2_mips.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_mips.deb


• Debian ethereal-common_0.9.4-1woody2_mipsel.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_mipsel.deb


• Debian ethereal-common_0.9.4-1woody2_powerpc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_powerpc.deb


• Debian ethereal-common_0.9.4-1woody2_s390.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_s390.deb


• Debian ethereal-common_0.9.4-1woody2_sparc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody2_sparc.deb


• Debian ethereal-dev_0.9.4-1woody2_alpha.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_alpha.deb


• Debian ethereal-dev_0.9.4-1woody2_arm.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_arm.deb


• Debian ethereal-dev_0.9.4-1woody2_hppa.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_hppa.deb


• Debian ethereal-dev_0.9.4-1woody2_i386.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_i386.deb


• Debian ethereal-dev_0.9.4-1woody2_ia64.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_ia64.deb


• Debian ethereal-dev_0.9.4-1woody2_m68k.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_m68k.deb


• Debian ethereal-dev_0.9.4-1woody2_mips.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_mips.deb


• Debian ethereal-dev_0.9.4-1woody2_mipsel.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_mipsel.deb


• Debian ethereal-dev_0.9.4-1woody2_powerpc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_powerpc.deb


• Debian ethereal-dev_0.9.4-1woody2_s390.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_s390.deb


• Debian ethereal-dev_0.9.4-1woody2_sparc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody2_sparc.deb


• Debian ethereal_0.9.4-1woody2.diff.gz
  Diff to be applied to ethereal_0.9.4.orig.tar.gz.
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2.diff.gz


• Debian ethereal_0.9.4-1woody2_alpha.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_alpha.deb


• Debian ethereal_0.9.4-1woody2_arm.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_arm.deb


• Debian ethereal_0.9.4-1woody2_hppa.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_hppa.deb


• Debian ethereal_0.9.4-1woody2_i386.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_i386.deb


• Debian ethereal_0.9.4-1woody2_ia64.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_ia64.deb


• Debian ethereal_0.9.4-1woody2_m68k.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_m68k.deb


• Debian ethereal_0.9.4-1woody2_mips.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_mips.deb


• Debian ethereal_0.9.4-1woody2_mipsel.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_mipsel.deb


• Debian ethereal_0.9.4-1woody2_powerpc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_powerpc.deb


• Debian ethereal_0.9.4-1woody2_s390.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_s390.deb


• Debian ethereal_0.9.4-1woody2_sparc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody2_sparc.deb


• Ethereal Group ethereal-0.9.6.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.6.tar.gz


• Red Hat ethereal-0.9.6-0.72.0.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/ethereal-0.9.6-0.72.0.i386.rpm


• Red Hat ethereal-0.9.6-0.72.0.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/ethereal-0.9.6-0.72.0.ia64.rpm


• Red Hat ethereal-0.9.6-0.73.0.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/ethereal-0.9.6-0.73.0.i386.rpm


• Red Hat ethereal-gnome-0.9.6-0.72.0.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/ethereal-gnome-0.9.6-0.72.0.i3 86.rpm


• Red Hat ethereal-gnome-0.9.6-0.72.0.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/ethereal-gnome-0.9.6-0.72.0.ia 64.rpm


• Red Hat ethereal-gnome-0.9.6-0.73.0.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/ethereal-gnome-0.9.6-0.73.0.i3 86.rpm

Ethereal Group Ethereal 0.9.5

• Ethereal Group ethereal-0.9.6.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.6.tar.gz