Ethereal SMB Protocol Dissector Denial of Service Vulnerability

Ethereal SMB Protocol Dissector Denial of Service Vulnerability

Solution:
The vendor has released Ethereal 0.10.0 to address this issue.

Red Hat has released advisories RHSA-2004:002-02, FEDORA-2003-040, RHSA-2004:001-01, and FLSA:1193 to address this vulnerability in Red Hat products. Customers subscribed to the Red Hat Network may obtain appropriate updates using the Red Hat Update Agent "up2date". Further details can be found in the referenced advisories.

Debian has released advisory DSA 407-1 to address this issue. See referenced advisory for additional details.

Conectiva has released advisory CLA-2004:801 to address this issue. See referenced advisory for additional details.

Mandrake has released advisory MDKSA-2004:002 to address this issue.

SGI has released an advisory 20040103-01-U with fixes to address this and other issues. Please see the referenced advisory for more information.

SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below:

RedHat ethereal-0.9.8-6.i386.rpm

RedHat ethereal-0.10.0a-0.90.1.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/ethereal-0.10.0a-0.90.1.i386.rpm

RedHat ethereal-gnome-0.9.8-6.i386.rpm

RedHat ethereal-gnome-0.10.0a-0.90.1.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/ethereal-gnome-0.10.0a-0.90.1.i3 86.rpm

Ethereal Group Ethereal 0.9

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.1

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.10

Conectiva ethereal-0.10.0a-27097U90_1cl.i386.rpm
Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-0.10.0a-27097U90_1 cl.i386.rpm

Conectiva ethereal-common-0.10.0a-27097U90_1cl.i386.rpm
Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-common-0.10.0a-270 97U90_1cl.i386.rpm

Conectiva ethereal-gtk-0.10.0a-27097U90_1cl.i386.rpm
Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-gtk-0.10.0a-27097U 90_1cl.i386.rpm

Conectiva ethereal-utils-0.10.0a-27097U90_1cl.i386.rpm
Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-utils-0.10.0a-2709 7U90_1cl.i386.rpm

Conectiva tethereal-0.10.0a-27097U90_1cl.i386.rpm
Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
ftp://atualizacoes.conectiva.com.br/9/RPMS/tethereal-0.10.0a-27097U90_ 1cl.i386.rpm

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.11

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.12

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.13

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Mandrake ethereal-0.10.0a-0.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php

Ethereal Group Ethereal 0.9.14

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.15

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.16

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.2

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.3

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.4

Conectiva ethereal-0.10.0a-1U80_1cl.i386.rpm
Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-0.10.0a-1U80_1cl.i 386.rpm

Conectiva ethereal-common-0.10.0a-1U80_1cl.i386.rpm
Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-common-0.10.0a-1U8 0_1cl.i386.rpm

Conectiva ethereal-gtk-0.10.0a-1U80_1cl.i386.rpm
Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-gtk-0.10.0a-1U80_1 cl.i386.rpm

Conectiva ethereal-utils-0.10.0a-1U80_1cl.i386.rpm
Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-utils-0.10.0a-1U80 _1cl.i386.rpm

Conectiva tethereal-0.10.0a-1U80_1cl.i386.rpm
Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
ftp://atualizacoes.conectiva.com.br/8/RPMS/tethereal-0.10.0a-1U80_1cl. i386.rpm

Debian ethereal-common_0.9.4-1woody6_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_alpha.deb

Debian ethereal-common_0.9.4-1woody6_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_arm.deb

Debian ethereal-common_0.9.4-1woody6_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_hppa.deb

Debian ethereal-common_0.9.4-1woody6_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_i386.deb

Debian ethereal-common_0.9.4-1woody6_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_ia64.deb

Debian ethereal-common_0.9.4-1woody6_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_m68k.deb

Debian ethereal-common_0.9.4-1woody6_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_mips.deb

Debian ethereal-common_0.9.4-1woody6_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_powerpc.deb

Debian ethereal-common_0.9.4-1woody6_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_s390.deb

Debian ethereal-common_0.9.4-1woody6_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_sparc.deb

Debian ethereal-dev_0.9.4-1woody6_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_alpha.deb

Debian ethereal-dev_0.9.4-1woody6_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_arm.deb

Debian ethereal-dev_0.9.4-1woody6_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_hppa.deb

Debian ethereal-dev_0.9.4-1woody6_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_i386.deb

Debian ethereal-dev_0.9.4-1woody6_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_ia64.deb

Debian ethereal-dev_0.9.4-1woody6_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_m68k.deb

Debian ethereal-dev_0.9.4-1woody6_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_mips.deb

Debian ethereal-dev_0.9.4-1woody6_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_mipsel.deb

Debian ethereal_0.9.4-1woody6_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_alpha.deb

Debian ethereal_0.9.4-1woody6_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_arm.deb

Debian ethereal_0.9.4-1woody6_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_hppa.deb

Debian ethereal_0.9.4-1woody6_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_i386.deb

Debian ethereal_0.9.4-1woody6_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_ia64.deb

Debian ethereal_0.9.4-1woody6_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_m68k.deb

Debian ethereal_0.9.4-1woody6_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_mips.deb

Debian ethereal_0.9.4-1woody6_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_mipsel.deb

Debian ethereal_0.9.4-1woody6_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_powerpc.deb

Debian ethereal_0.9.4-1woody6_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_s390.deb

Debian ethereal_0.9.4-1woody6_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_sparc.deb

Debian tethereal_0.9.4-1woody6_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_alpha.deb

Debian tethereal_0.9.4-1woody6_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_arm.deb

Debian tethereal_0.9.4-1woody6_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_hppa.deb

Debian tethereal_0.9.4-1woody6_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_i386.deb

Debian tethereal_0.9.4-1woody6_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_ia64.deb

Debian tethereal_0.9.4-1woody6_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_m68k.deb

Debian tethereal_0.9.4-1woody6_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_mips.deb

Debian tethereal_0.9.4-1woody6_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_mipsel.deb

Debian tethereal_0.9.4-1woody6_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_powerpc.deb

Debian tethereal_0.9.4-1woody6_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_s390.deb

Debian tethereal_0.9.4-1woody6_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_sparc.deb

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.5

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.6

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.7

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.8

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.9

Ethereal Group Ethereal 0.10.0
http://www.ethereal.com/download.html

Mandrake ethereal-0.10.0a-0.1.91mdk.i586.rpm
Mandrake Linux 9.1
http://www.mandrakesecure.net/en/ftp.php

Mandrake ethereal-0.10.0a-0.1.91mdk.ppc.rpm
Mandrake Linux 9.1/PPC
http://www.mandrakesecure.net/en/ftp.php

SGI ProPack 2.3

SGI patch10043.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/

SGI ProPack 2.4

SGI patch10044.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0044.tar.gz