首页 -> 安全研究
安全研究
安全漏洞
Ethereal DNS解析器远程拒绝服务攻击漏洞
发布日期:2002-05-23
更新日期:2002-05-28
受影响系统:
Ethereal Group Ethereal 0.9.3不受影响系统:
Ethereal Group Ethereal 0.9.2
Ethereal Group Ethereal 0.9.0
Ethereal Group Ethereal 0.9.1
- Caldera UnixWare 7
- Compaq Tru64 Unix 5.0
- HP HP-UX 11.0
- IBM AIX 5.1
- Linux系统
- Microsoft Windows XP
- Microsoft Windows NT
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000
- NetBSD 1.5
- OpenBSD 3.0
- SGI IRIX 6.0
- Sun Solaris 8.0
Ethereal Group Ethereal 0.9.4描述:
BUGTRAQ ID: 4807
CVE(CAN) ID: CVE-2002-0403
Ethereal是一款免费开放源代码的网络协议分析程序,可使用在Unix和Windows操作系统下。
Ethereal中的DNS剖析器在处理不正常DNS查询信息包时存在漏洞,可导致远程攻击者进行拒绝服务攻击。
攻击者可以构建畸形的DNS查询信息包发送到有Ethereal监听的网络中,当运行的Ethereal进程处理此类包时,可导致DNS解析器子程序进入无限循环而出现应用程序崩溃,使Ethereal不能继续工作。
<*链接:http://www.ethereal.com/appnotes/enpa-sa-00004.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000505
http://www.caldera.com/support/security/advisories/CSSA-2002-037.0.txt
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 关闭有漏洞的解析器。
厂商补丁:
Caldera
-------
Caldera已经为此发布了一个安全公告(CSSA-2002-037.0)以及相应补丁:
CSSA-2002-037.0:Linux: various packet handling vunerabilities in ethereal
链接:http://www.caldera.com/support/security/advisories/CSSA-2002-037.0.txt
补丁下载:
SCO RPM ethereal-0.9.4-1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-037.0/RPMS/ethereal-0.9.4-1.i386.rpm
SCO RPM ethereal-0.9.4-1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-037.0/RPMS/ethereal-0.9.4-1.i386.rpm
SCO RPM ethereal-0.9.4-1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-037.0/RPMS/ethereal-0.9.4-1.i386.rpm
SCO RPM ethereal-0.9.4-1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-037.0/RPMS/ethereal-0.9.4-1.i386.rpm
Conectiva
---------
Conectiva已经为此发布了一个安全公告(CLA-2002:505)以及相应补丁:
CLA-2002:505:ethereal
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000505
补丁下载:
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/ethereal-0.9.5-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/ethereal-0.9.5-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ethereal-0.9.5-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/ethereal-0.9.5-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-0.9.5-1U8_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-common-0.9.5-1U8_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-gtk-0.9.5-1U8_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ethereal-utils-0.9.5-1U8_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/tethereal-0.9.5-1U8_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/ethereal-0.9.5-1U8_2cl.src.rpm
Conectiva Linux version 6.0及以上版本的用户可以使用apt进行RPM包的更新:
- 把以下的文本行加入到/etc/apt/sources.list文件中:
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(如果你不是使用6.0版本,用合适的版本号代替上面的6.0)
- 执行: apt-get update
- 更新以后,再执行: apt-get upgrade
Ethereal Group
--------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Ethereal Group Ethereal 0.9 .0:
Ethereal Group Upgrade ethereal-0.9.4.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.4.tar.gz
Ethereal Group Ethereal 0.9.1:
Ethereal Group Upgrade ethereal-0.9.4.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.4.tar.gz
Ethereal Group Ethereal 0.9.2:
Ethereal Group Upgrade ethereal-0.9.4.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.4.tar.gz
Ethereal Group Ethereal 0.9.3:
Ethereal Group Upgrade ethereal-0.9.4.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.4.tar.gz
浏览次数:3442
严重程度:0(网友投票)
绿盟科技给您安全的保障