• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Ethereal Q.931 Protocol Dissector Denial of Service Vulnerability

Solution:
The vendor has released Ethereal 0.10.0 to address this issue.

Red Hat has released an advisory (RHSA-2004:002-02) to address this vulnerability in Red Hat enterprise products. Customers subscribed to the Red Hat Network may obtain appropriate updates using the Red Hat Update Agent "up2date". Further details can be found in the referenced advisory.

RedHat has released an advisory FEDORA-2003-040 for Fedora Core 1. Please see the referenced advisory for more information.

Debian has released security advisory DSA 407-1 to address this issue. See referenced advisory for additional details.

RedHat has released security advisory RHSA-2004:001-01 to address this issue. See referenced advisory for additional details.

Conectiva has released security advisory CLA-2004:801 to address this issue. See referenced advisory for additional details.

Mandrake has released advisory MDKSA-2004:002 to address this issue.

SGI has released an advisory 20040103-01-U with fixes to address this and other issues. Please see the referenced advisory for more information.

SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below:


RedHat ethereal-0.9.8-6.i386.rpm

• RedHat ethereal-0.10.0a-0.90.1.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/ethereal-0.10.0a-0.90.1.i386.rpm

RedHat ethereal-gnome-0.9.8-6.i386.rpm

• RedHat ethereal-gnome-0.10.0a-0.90.1.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/ethereal-gnome-0.10.0a-0.90.1.i3 86.rpm

Ethereal Group Ethereal 0.9

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.1

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.10

• Conectiva ethereal-0.10.0a-27097U90_1cl.i386.rpm
  Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
  ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-0.10.0a-27097U90_1 cl.i386.rpm


• Conectiva ethereal-common-0.10.0a-27097U90_1cl.i386.rpm
  Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
  ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-common-0.10.0a-270 97U90_1cl.i386.rpm


• Conectiva ethereal-gtk-0.10.0a-27097U90_1cl.i386.rpm
  Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
  ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-gtk-0.10.0a-27097U 90_1cl.i386.rpm


• Conectiva ethereal-utils-0.10.0a-27097U90_1cl.i386.rpm
  Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
  ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-utils-0.10.0a-2709 7U90_1cl.i386.rpm


• Conectiva tethereal-0.10.0a-27097U90_1cl.i386.rpm
  Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
  ftp://atualizacoes.conectiva.com.br/9/RPMS/tethereal-0.10.0a-27097U90_ 1cl.i386.rpm


• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.11

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.12

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.13

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html


• Mandrake ethereal-0.10.0a-0.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php

Ethereal Group Ethereal 0.9.14

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.15

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.16

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.2

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.3

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.4

• Conectiva ethereal-0.10.0a-1U80_1cl.i386.rpm
  Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-0.10.0a-1U80_1cl.i 386.rpm


• Conectiva ethereal-common-0.10.0a-1U80_1cl.i386.rpm
  Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-common-0.10.0a-1U8 0_1cl.i386.rpm


• Conectiva ethereal-gtk-0.10.0a-1U80_1cl.i386.rpm
  Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-gtk-0.10.0a-1U80_1 cl.i386.rpm


• Conectiva ethereal-utils-0.10.0a-1U80_1cl.i386.rpm
  Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
  ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-utils-0.10.0a-1U80 _1cl.i386.rpm


• Conectiva tethereal-0.10.0a-1U80_1cl.i386.rpm
  Although these are upgrades the apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade
  ftp://atualizacoes.conectiva.com.br/8/RPMS/tethereal-0.10.0a-1U80_1cl. i386.rpm


• Debian ethereal-common_0.9.4-1woody6_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_alpha.deb


• Debian ethereal-common_0.9.4-1woody6_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_arm.deb


• Debian ethereal-common_0.9.4-1woody6_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_hppa.deb


• Debian ethereal-common_0.9.4-1woody6_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_i386.deb


• Debian ethereal-common_0.9.4-1woody6_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_ia64.deb


• Debian ethereal-common_0.9.4-1woody6_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_m68k.deb


• Debian ethereal-common_0.9.4-1woody6_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_mips.deb


• Debian ethereal-common_0.9.4-1woody6_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_powerpc.deb


• Debian ethereal-common_0.9.4-1woody6_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_s390.deb


• Debian ethereal-common_0.9.4-1woody6_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-commo n_0.9.4-1woody6_sparc.deb


• Debian ethereal-dev_0.9.4-1woody6_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_alpha.deb


• Debian ethereal-dev_0.9.4-1woody6_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_arm.deb


• Debian ethereal-dev_0.9.4-1woody6_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_hppa.deb


• Debian ethereal-dev_0.9.4-1woody6_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_i386.deb


• Debian ethereal-dev_0.9.4-1woody6_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_ia64.deb


• Debian ethereal-dev_0.9.4-1woody6_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_m68k.deb


• Debian ethereal-dev_0.9.4-1woody6_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_mips.deb


• Debian ethereal-dev_0.9.4-1woody6_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0 .9.4-1woody6_mipsel.deb


• Debian ethereal_0.9.4-1woody6_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_alpha.deb


• Debian ethereal_0.9.4-1woody6_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_arm.deb


• Debian ethereal_0.9.4-1woody6_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_hppa.deb


• Debian ethereal_0.9.4-1woody6_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_i386.deb


• Debian ethereal_0.9.4-1woody6_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_ia64.deb


• Debian ethereal_0.9.4-1woody6_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_m68k.deb


• Debian ethereal_0.9.4-1woody6_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_mips.deb


• Debian ethereal_0.9.4-1woody6_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_mipsel.deb


• Debian ethereal_0.9.4-1woody6_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_powerpc.deb


• Debian ethereal_0.9.4-1woody6_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_s390.deb


• Debian ethereal_0.9.4-1woody6_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4 -1woody6_sparc.deb


• Debian tethereal_0.9.4-1woody6_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_alpha.deb


• Debian tethereal_0.9.4-1woody6_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_arm.deb


• Debian tethereal_0.9.4-1woody6_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_hppa.deb


• Debian tethereal_0.9.4-1woody6_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_i386.deb


• Debian tethereal_0.9.4-1woody6_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_ia64.deb


• Debian tethereal_0.9.4-1woody6_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_m68k.deb


• Debian tethereal_0.9.4-1woody6_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_mips.deb


• Debian tethereal_0.9.4-1woody6_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_mipsel.deb


• Debian tethereal_0.9.4-1woody6_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_powerpc.deb


• Debian tethereal_0.9.4-1woody6_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_s390.deb


• Debian tethereal_0.9.4-1woody6_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9. 4-1woody6_sparc.deb


• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.5

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.6

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.7

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.8

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html

Ethereal Group Ethereal 0.9.9

• Ethereal Group Ethereal 0.10.0
  http://www.ethereal.com/download.html


• Mandrake ethereal-0.10.0a-0.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ethereal-0.10.0a-0.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php

SGI ProPack 2.3

• SGI patch10043.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/

SGI ProPack 2.4

• SGI patch10044.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0044.tar.gz