安全研究
安全漏洞
Wireshark多个协议处理模块拒绝服务漏洞
发布日期:2006-10-27
更新日期:2006-10-30
受影响系统:
Wireshark Wireshark 0.9.8 - 0.99.3不受影响系统:
Wireshark Wireshark 0.99.4描述:
BUGTRAQ ID: 20762
CVE(CAN) ID: CVE-2006-5468,CVE-2006-5740,CVE-2006-4805,CVE-2006-5469,CVE-2006-4574
Wireshark以前名为Ethereal,是一款非常流行的网络协议分析工具。
Wireshark的HTTP、LDAP、XOT、WBXML和MIME的协议解析器存在多个漏洞,Wireshark在处理相关协议的畸形报文时会消耗大量内存,导致拒绝服务。
<*来源:Wireshark (http://www.wireshark.org/)
链接:http://secunia.com/advisories/22590/
http://www.wireshark.org/security/wnpa-sec-2006-03.html
http://www.debian.org/security/2006/dsa-1201
*>
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1201-1)以及相应补丁:
DSA-1201-1:New ethereal packages fix denial of service
链接:http://www.debian.org/security/2005/dsa-1201
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9.dsc
Size/MD5 checksum: 855 4111fa99ac63f549e0ed3e2db668e542
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9.diff.gz
Size/MD5 checksum: 178221 6566de4d9fc112f25f6bfaf45ad77faa
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c
Alpha architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_alpha.deb
Size/MD5 checksum: 543092 c89ff6f8bdc7e6f7eb2650d5076f03e6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_alpha.deb
Size/MD5 checksum: 5476386 e2a8e648f15a347d05f5e5cd624edb4c
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_alpha.deb
Size/MD5 checksum: 154592 5e0d5c37c0cc589d05d6e748e51e03ea
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_alpha.deb
Size/MD5 checksum: 106306 f23e0e55dc96d7bdcb0fb95cdfba5548
AMD64 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_amd64.deb
Size/MD5 checksum: 486550 ffd006375c90a4d059af7a024188776e
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_amd64.deb
Size/MD5 checksum: 5334530 341c8645167abbae9ae6147b83649edb
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_amd64.deb
Size/MD5 checksum: 154598 b1d1d14d3d41120c1c5c65ce89f08ab2
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_amd64.deb
Size/MD5 checksum: 99588 fdf5d3d8677e03c3edf2cfff04fba4ec
ARM architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_arm.deb
Size/MD5 checksum: 473062 9a901ea673c269ccbf41ecdff1df53dd
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_arm.deb
Size/MD5 checksum: 4688102 09120393788e912b7ac18182b09fcd2e
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_arm.deb
Size/MD5 checksum: 154596 e539e5c413c0c39957c0abb9b34c9cfb
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_arm.deb
Size/MD5 checksum: 95664 2131328ee58a900aedf3766ddbbfc98e
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_i386.deb
Size/MD5 checksum: 443698 7693be67596d17632cf4723f8a54d047
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_i386.deb
Size/MD5 checksum: 4529248 0139a1d19b4957c004df779e38a24a59
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_i386.deb
Size/MD5 checksum: 154592 9c0525063d401ee054b27ce38d634e33
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_i386.deb
Size/MD5 checksum: 90942 96abf559fb9430b1692d2d90a66ecc5c
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_ia64.deb
Size/MD5 checksum: 674472 4abd34b813b05e024043da18bb3e402c
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_ia64.deb
Size/MD5 checksum: 6630134 99f54db4831942d42296ab0a95342478
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_ia64.deb
Size/MD5 checksum: 154594 97f03089c5a2f20ba38344f6cec55b30
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_ia64.deb
Size/MD5 checksum: 129198 1112f7607579fcd8b9ca08f71343f634
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_m68k.deb
Size/MD5 checksum: 447802 232f5842aa0e6adb46d20a7bb185f96d
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_m68k.deb
Size/MD5 checksum: 5565136 fb513962f4e20d66c623a73b5ee9e885
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_m68k.deb
Size/MD5 checksum: 154662 a3b9b1d5863b3aa898f0cc99c1cd6698
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_m68k.deb
Size/MD5 checksum: 90952 dd7d57c87b84651cf379e89001605323
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_mips.deb
Size/MD5 checksum: 462804 d4684b24816cc54d47cfad4ce32bd0b5
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_mips.deb
Size/MD5 checksum: 4723362 7656bd956876056e532df9ecaec97471
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_mips.deb
Size/MD5 checksum: 154588 8645620716b8d688475fd2ca631ab986
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_mips.deb
Size/MD5 checksum: 94788 40066b71cfc3a122453e130e537c2302
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_mipsel.deb
Size/MD5 checksum: 458076 1ac138ade7fd91253806ae4d8480154b
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_mipsel.deb
Size/MD5 checksum: 4460986 7e9ca725df417dae65208e865ea329d6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_mipsel.deb
Size/MD5 checksum: 154606 ce8c4b32631676bc7817c3f4dfa5f6ca
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_mipsel.deb
Size/MD5 checksum: 94696 d9525ded73ae609c0dc7672f1279626a
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_powerpc.deb
Size/MD5 checksum: 455752 8e5806f6f6a86f8b066c6366fbdaacfe
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_powerpc.deb
Size/MD5 checksum: 5067972 c832d4ee9e201fffe698c4e5e8c064d6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_powerpc.deb
Size/MD5 checksum: 154602 ec05dd9cb9fda2cb532fc4a02b73870d
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_powerpc.deb
Size/MD5 checksum: 94360 811445845ed5bc677c68597f4dc57553
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_s390.deb
Size/MD5 checksum: 479716 1f9523a1563752c8b3f3ae3b77ee9e15
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_s390.deb
Size/MD5 checksum: 5621732 36e4ce1ddaf99edf598933bc8af19c7b
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_s390.deb
Size/MD5 checksum: 154590 5b08647010fc5275a27ded68e63d4859
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_s390.deb
Size/MD5 checksum: 99946 93cb4151f77499728d2734c64a04f8c2
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
Wireshark
---------
http://www.debian.org/security/2006/dsa-1201
浏览次数:3534
严重程度:0(网友投票)
绿盟科技给您安全的保障