• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Ethereal Multiple Dissector One Byte Buffer Overflow Vulnerabilities

Solution:
Red Hat has released a security advisory (RHSA-2003:077-13) containing fixes which address this and other issues with ethereal. See referenced advisory for further details on obtaining and applying fixes.

Debian has released an advisory (DSA 313-1) containing fixes to address this issue.

Ethereal 0.9.12 is not vulnerable to this issue. Users are advised to upgrade.

Red Hat has released upgraded RPMs which correct this vulnerability. Please see advisory RHSA-2003:203-01 (references section) for download links.

Updates are available for Yellow Dog Linux. These updates can be applied manually or by issuing the following command:

yum update ethereal


Ethereal Group Ethereal 0.8

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.8.18

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9.1

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9.10

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9.11

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9.2

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9.3

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9.4

• Debian ethereal-common_0.9.4-1woody4_alpha.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_alpha.deb


• Debian ethereal-common_0.9.4-1woody4_arm.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_arm.deb


• Debian ethereal-common_0.9.4-1woody4_hppa.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_hppa.deb


• Debian ethereal-common_0.9.4-1woody4_i386.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_i386.deb


• Debian ethereal-common_0.9.4-1woody4_ia64.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_ia64.deb


• Debian ethereal-common_0.9.4-1woody4_m68k.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_m68k.deb


• Debian ethereal-common_0.9.4-1woody4_mips.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_mips.deb


• Debian ethereal-common_0.9.4-1woody4_mipsel.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_mipsel.deb


• Debian ethereal-common_0.9.4-1woody4_powerpc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_powerpc.deb


• Debian ethereal-common_0.9.4-1woody4_s390.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_s390.deb


• Debian ethereal-common_0.9.4-1woody4_sparc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody4_sparc.deb


• Debian ethereal-dev_0.9.4-1woody4_alpha.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_alpha.deb


• Debian ethereal-dev_0.9.4-1woody4_arm.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_arm.deb


• Debian ethereal-dev_0.9.4-1woody4_hppa.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_hppa.deb


• Debian ethereal-dev_0.9.4-1woody4_i386.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_i386.deb


• Debian ethereal-dev_0.9.4-1woody4_ia64.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_ia64.deb


• Debian ethereal-dev_0.9.4-1woody4_m68k.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_m68k.deb


• Debian ethereal-dev_0.9.4-1woody4_mips.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_mips.deb


• Debian ethereal-dev_0.9.4-1woody4_mipsel.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_mipsel.deb


• Debian ethereal-dev_0.9.4-1woody4_powerpc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_powerpc.deb


• Debian ethereal-dev_0.9.4-1woody4_s390.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_s390.deb


• Debian ethereal-dev_0.9.4-1woody4_sparc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody4_sparc.deb


• Debian ethereal_0.9.4-1woody4_alpha.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_alpha.deb


• Debian ethereal_0.9.4-1woody4_arm.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_arm.deb


• Debian ethereal_0.9.4-1woody4_hppa.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_hppa.deb


• Debian ethereal_0.9.4-1woody4_i386.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_i386.deb


• Debian ethereal_0.9.4-1woody4_ia64.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_ia64.deb


• Debian ethereal_0.9.4-1woody4_m68k.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_m68k.deb


• Debian ethereal_0.9.4-1woody4_mips.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_mips.deb


• Debian ethereal_0.9.4-1woody4_mipsel.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_mipsel.deb


• Debian ethereal_0.9.4-1woody4_powerpc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_powerpc.deb


• Debian ethereal_0.9.4-1woody4_s390.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_s390.deb


• Debian ethereal_0.9.4-1woody4_sparc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody4_sparc.deb


• Debian tethereal_0.9.4-1woody4_alpha.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_alpha.deb


• Debian tethereal_0.9.4-1woody4_arm.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_arm.deb


• Debian tethereal_0.9.4-1woody4_hppa.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_hppa.deb


• Debian tethereal_0.9.4-1woody4_i386.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_i386.deb


• Debian tethereal_0.9.4-1woody4_ia64.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_ia64.deb


• Debian tethereal_0.9.4-1woody4_m68k.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_m68k.deb


• Debian tethereal_0.9.4-1woody4_mips.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_mips.deb


• Debian tethereal_0.9.4-1woody4_mipsel.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_mipsel.deb


• Debian tethereal_0.9.4-1woody4_powerpc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_powerpc.deb


• Debian tethereal_0.9.4-1woody4_s390.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_s390.deb


• Debian tethereal_0.9.4-1woody4_sparc.deb
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody4_sparc.deb


• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9.5

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9.6

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9.7

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz

Ethereal Group Ethereal 0.9.8

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz


• Yellow Dog ethereal-0.9.13-1.90.1a.ppc.rpm
  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ppc/e thereal-0.9.13-1.90.1a.ppc.rpm


• Yellow Dog ethereal-gnome-0.9.13-1.90.1a.ppc.rpm
  ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ppc/e thereal-gnome-0.9.13-1.90.1a.ppc.rpm

Ethereal Group Ethereal 0.9.9

• Ethereal Group ethereal-0.9.12.tar.gz
  http://www.ethereal.com/distribution/ethereal-0.9.12.tar.gz


• Mandrake ethereal-0.9.12-1.2mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ethereal-0.9.12-1.2mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php