发布日期:2010-08-23
更新日期:2010-09-03受影响系统:
Wireshark Wireshark 1.2.0 - 1.2.9
Wireshark Wireshark 0.10.8 - 1.0.14
不受影响系统:
Wireshark Wireshark 1.2.10
Wireshark Wireshark 1.0.15
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 42618
CVE(CAN) ID: CVE-2010-2992,CVE-2010-2993,CVE-2010-2994,CVE-2010-2995Wireshark之前名为Ethereal,是一款非常流行的网络协议分析工具。Wireshark的GSM A RR和IPMI协议解析模块中存在死循环和空指针引用漏洞,SigComp Universal Decompressor Virtual Machine(UDVM)和ASN.1 BER协议解析模块中存在缓冲区溢出漏洞。用户受骗从网络抓取了恶意报文或打开了恶意抓包文件就可以触发这些漏洞,导致拒绝服务或执行任意代码。<*来源:Buildbot Builder (buildbot@wireshark.org)
链接:http://secunia.com/advisories/40783/
http://www.wireshark.org/security/wnpa-sec-2010-07.html
http://www.wireshark.org/security/wnpa-sec-2010-08.html
http://www.debian.org/security/2010/dsa-2101
*>建议:
--------------------------------------------------------------------------------
厂商补丁:Debian
------
Debian已经为此发布了一个安全公告(DSA-2101-1)以及相应补丁:
DSA-2101-1:New wireshark packages fix several vulnerabilities
链接:http://www.debian.org/security/2010/dsa-2101补丁下载:
Source archives:http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10.diff.gz
Size/MD5 checksum: 119766 5a4194b36f275740420e6976a3cf4801
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10.dsc
Size/MD5 checksum: 1506 8c8b1b6eb5746bb12f3a31606279d2a4alpha architecture (DEC Alpha)http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_alpha.deb
Size/MD5 checksum: 12098048 c6037e2144a2b606c89666a38bba255d
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_alpha.deb
Size/MD5 checksum: 127062 0ed9502cbcfafb5f40092dfb85bd1452
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_alpha.deb
Size/MD5 checksum: 731182 7d68066a76be15c23097c467591a71d7
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_alpha.deb
Size/MD5 checksum: 570002 ef363dd7b6e59f55ac352dd7f476271famd64 architecture (AMD x86_64 (AMD64))http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_amd64.deb
Size/MD5 checksum: 659672 93affb6b939d97543c0a2ee094eb7bcf
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_amd64.deb
Size/MD5 checksum: 11867538 e26471505e2511c44915167d9df30b2c
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_amd64.deb
Size/MD5 checksum: 119270 3507f87aae6c6eb333f5d6675557ffea
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_amd64.deb
Size/MD5 checksum: 568816 5c2bde00638f8be32513abe1c9b861f9arm architecture (ARM)http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_arm.deb
Size/MD5 checksum: 10214680 bc5423c9321f4790707c2be839f48029
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_arm.deb
Size/MD5 checksum: 111310 3c7a4f2daba42dec5e4e5b0cad3c8ba4
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_arm.deb
Size/MD5 checksum: 614450 ba489525ee84174cf3e9fb7a40f89d14
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_arm.deb
Size/MD5 checksum: 584538 1a02fc4e91ce9d386bb8ed1e7902c280armel architecture (ARM EABI)http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_armel.deb
Size/MD5 checksum: 620126 27ace8479a33a8d685f019fa563d3afa
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_armel.deb
Size/MD5 checksum: 10219808 ef603f9abcd981feb550a6f328592eba
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_armel.deb
Size/MD5 checksum: 586342 7929f0643a92cb084568da2e32ada209
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_armel.deb
Size/MD5 checksum: 113602 e459df96b13b2321ea4ac2b7ca055a55hppa architecture (HP PA RISC)http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_hppa.deb
Size/MD5 checksum: 121180 7cc1f3a0fe508449031c851142b5c4d3
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_hppa.deb
Size/MD5 checksum: 13271640 6bbfc0d14d3bb8c46b35a40523139c5f
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_hppa.deb
Size/MD5 checksum: 584306 c77db073cd347903377d301d656ec3b6
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_hppa.deb
Size/MD5 checksum: 694870 5c35736053a02a728cc9263cea544118i386 architecture (Intel ia32)http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_i386.deb
Size/MD5 checksum: 583572 3c416afdc0bed67389798748ac82dab1
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_i386.deb
Size/MD5 checksum: 619668 b279bae201515f07f50b789fe9208ee3
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_i386.deb
Size/MD5 checksum: 111708 bd19cc8a584292771ce8b37a934b6759
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_i386.deb
Size/MD5 checksum: 10109862 4a6846b885178fd578ecc6dc3b284172ia64 architecture (Intel ia64)http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_ia64.deb
Size/MD5 checksum: 568824 dabad8c92b646ce5bdf5ac4369593b1a
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_ia64.deb
Size/MD5 checksum: 154666 185f3441d66fcf3ce9c781dc061e4961
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_ia64.deb
Size/MD5 checksum: 931572 a74e996b87300057ef62722bdccf072c
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_ia64.deb
Size/MD5 checksum: 13684804 ec46eeb74513b1c42288f0c186313505mips architecture (MIPS (Big Endian))http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_mips.deb
Size/MD5 checksum: 10424544 8f76ad6d63aecdb627850b2729655b3e
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_mips.deb
Size/MD5 checksum: 636682 909599c2175d06ba483baac5fbef9715
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_mips.deb
Size/MD5 checksum: 113264 333e8a51080d13136689b9786e4d0061
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_mips.deb
Size/MD5 checksum: 585810 921806111c71ed490ff18e05ef5383c7mipsel architecture (MIPS (Little Endian))http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_mipsel.deb
Size/MD5 checksum: 113454 9602da05aa4bc7a22432bcd720660cc0
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_mipsel.deb
Size/MD5 checksum: 570006 1e8cb3f56fa73956d52268d237c15baf
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_mipsel.deb
Size/MD5 checksum: 627162 2ef6443e548130d6d7f3e7bdf0176b6a
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_mipsel.deb
Size/MD5 checksum: 9729736 fa8030ec05b4e395f0ba3c90ee670e46powerpc architecture (PowerPC)http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_powerpc.deb
Size/MD5 checksum: 582794 f2e0c6a4336e42c023c4f1db3dc00dd8
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_powerpc.deb
Size/MD5 checksum: 677742 0dda6ce349cf9e844e7ba074765ab682
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_powerpc.deb
Size/MD5 checksum: 11220016 5e5f2754bef30795bdab7486c5dd8a72
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_powerpc.deb
Size/MD5 checksum: 122572 ac15689cd78a06ac3472760c10a253afs390 architecture (IBM S/390)http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_s390.deb
Size/MD5 checksum: 12488184 b916661193fbbdef2e6838f5e144e0c4
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_s390.deb
Size/MD5 checksum: 122150 fa1d1a623a2cd95b2d59f5d910226086
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_s390.deb
Size/MD5 checksum: 569966 9c91e4417d2860da5e9903410f92d775
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_s390.deb
Size/MD5 checksum: 671588 c2f017d2cb7bdd3a8c7c5f85aef2df6fsparc architecture (Sun SPARC/UltraSPARC)http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_sparc.deb
Size/MD5 checksum: 11287328 d4bb52efa605646c1c207565c9c1eb77
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_sparc.deb
Size/MD5 checksum: 583744 803661967720b8f8d048844afef3a6b3
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_sparc.deb
Size/MD5 checksum: 113520 0f733a8ef1549c573cf4055ee37e1842
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_sparc.deb
Size/MD5 checksum: 629600 f7ed1aa09cb192c7d8f844cfc7fae2bc补丁安装方法:1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgradeWireshark
---------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:http://www.wireshark.org/TANDBERG MXP系列SNMP报文远程拒绝服务漏洞Apple QuickTime FlashPix编码文件NumberOfTiles整数溢出漏洞相关资讯 漏洞
- 快递官网漏洞泄露 1400 万用户信息 (08/12/2014 08:37:42)
- 要389目录服务器访问绕过漏洞 (10/01/2012 09:18:08)
- ASUS Net4Switch "ipswcom.dll" (03/02/2012 09:32:42)
| - 软件漏洞是一笔大买卖! (10/06/2012 08:28:32)
- PHPCMS V9.1.13任意文件包含漏洞分 (08/01/2012 07:23:17)
- Open Handset Alliance Android (03/01/2012 06:59:34)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
- 参与本评论即表明您已经阅读并接受上述条款
|
易网时代-编程资源站