1 2 3 4 5 6

Vulnerabilidades rss pdf

Coordinación de Seguridad de la Información - UNAM-CERT -- DGTIC-UNAM

Vulnerabilidad de Seguridad UNAM-CERT-2005-466 Debian liberó una actualización para ethereal.

Debian liberó una actualización para ethereal. Esta repara varias vulnerabilidades que pueden explotarse para ocasionar una negación de servicio (DoS) o comprometer un sistema vulnerable.

  • Fecha de Liberación: 10-Oct-2005
  • Ultima Revisión: 10-Oct-2005
  • Fuente:

    Debian Security Advisory
    DSA-853-1 ethereal
  • CVE ID: CAN-2005-2360 CAN-2005-2361 CAN-2005-2363 CAN-2005-2364 CAN-2005-2365 CAN-2005-2366 CAN-2005-2367
  • Riesgo Altamente crítico
  • Problema de Vulnerabilidad Remoto
  • Tipo de Vulnerabilidad Buffer overflow

Sistemas Afectados

Debian GNU/Linux 3.0 alias woody ethereal < 0.9.4-1woody13
Debian GNU/Linux 3.1 alias sarge ethereal < 0.10.10-2sarge3
Debian GNU/Linux unstable alias sid ethereal < 0.10.12-2

  1. Descripción

    Debian liberó una actualización para ethereal. Esta repara varias vulnerabilidades que pueden explotarse por personas maliciosas para ocasionar una negación de servicio (DoS) o comprometer un sistema vulnerable.

    • El disector de SMB podría desbordar o agotar la memoria.

    • iDefense encontró que varios disectores son vulnerables a desbordamientos por formato de cadena.

    • Otros errores que podrian tirar el sistema dentro de varios disectores también se han reparado.

  2. Impacto

    Negación de servicio (DoS).

    Acceso al sistema.

  3. Solución

    Aplicar los paquetes actualizados.

    Debian GNU/Linux 3.0 (woody)

    Codigo Fuente:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13.dsc
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13.diff.gz
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz

    Alpha:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_alpha.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_alpha.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_alpha.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_alpha.deb

    ARM:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_arm.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_arm.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_arm.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_arm.deb

    Intel IA-32:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_i386.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_i386.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_i386.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_i386.deb

    Intel IA-64:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_ia64.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_ia64.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_ia64.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_ia64.deb

    HPPA:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_hppa.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_hppa.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_hppa.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_hppa.deb

    Motorola 680x0:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_m68k.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_m68k.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_m68k.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_m68k.deb

    Big endian MIPS:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_mips.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_mips.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_mips.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_mips.deb

    Little endian MIPS:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_mipsel.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_mipsel.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_mipsel.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_mipsel.deb

    PowerPC:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_powerpc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_powerpc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_powerpc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_powerpc.deb

    IBM S/390:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_s390.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_s390.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_s390.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_s390.deb

    Sun Sparc:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_sparc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_sparc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_sparc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_sparc.deb

    Debian GNU/Linux 3.1 (sarge)

    Codigo Fuente:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3.dsc
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3.diff.gz
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz

    Alpha:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_alpha.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_alpha.deb

    AMD64:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_amd64.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_amd64.deb

    ARM:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_arm.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_arm.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_arm.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_arm.deb

    Intel IA-32:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_i386.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_i386.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_i386.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_i386.deb

    Intel IA-64:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_ia64.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_ia64.deb

    HPPA:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_hppa.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_hppa.deb

    Motorola 680x0:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_m68k.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_m68k.deb

    Big endian MIPS:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_mips.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_mips.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_mips.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_mips.deb

    Little endian MIPS:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_mipsel.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_mipsel.deb

    PowerPC:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_powerpc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_powerpc.deb

    IBM S/390:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_s390.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_s390.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_s390.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_s390.deb

    Sun Sparc:
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_sparc.deb
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_sparc.deb

    Para la distribución unstable(sid) los problemas fueron corregidos en la versión 0.10.12-2.

  4. Apéndices

    Mayor información.

    http://www.debian.org/security/2005/dsa-853

La Coordinación de Seguridad de la Información/UNAM-CERT agradece el apoyo en la elaboración ó traducción y revisión de éste Documento a:

  • Floriberto López Velázquez (flopez at seguridad dot unam dot mx)

UNAM-CERT
Equipo de Respuesta a Incidentes UNAM
Coordinación de Seguridad de la Información

incidentes at seguridad.unam.mx
phishing at seguridad.unam.mx
http://www.cert.org.mx
http://www.seguridad.unam.mx
ftp://ftp.seguridad.unam.mx
Tel: 56 22 81 69
Fax: 56 22 80 47

Universidad Nacional Autonoma de México Aviso legal |  Créditos |  Staff |  Administración
Copyright © Todos los derechos reservados
UNAM - CERT