[ilugd] (fwd) [SECURITY] [ GLSA 200507-27 ] Ethereal: Multiple vulnerabilities

2005-07-28 Thread Raj Mathur
[Please upgrade ethereal on all distributions -- Raju]

This is an RFC 1153 digest.
(1 message)
--

From: Sune Kloppenborg Jeppesen [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
To: gentoo-announce@gentoo.org
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com,
[EMAIL PROTECTED]
Subject: [Full-disclosure] [ GLSA 200507-27 ] Ethereal: Multiple
vulnerabilities
Date: Thu, 28 Jul 2005 07:35:48 +0200

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200507-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Ethereal: Multiple vulnerabilities
      Date: July 28, 2005
      Bugs: #100316
        ID: 200507-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Ethereal is vulnerable to numerous vulnerabilities potentially
resulting in the execution of arbitrary code or abnormal termination.

Background
==========

Ethereal is a feature-rich network protocol analyzer.

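Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/ethereal      < 0.10.12                   >= 0.10.12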

Description
===========

There are numerous vulnerabilities in versions of Ethereal prior to
0.10.12, including:

* The SMB dissector could overflow a buffer or exhaust memory
  (CAN-2005-2365).

* iDEFENSE discovered that several dissectors are vulnerable to
  format string overflows (CAN-2005-2367).

* Additionally multiple potential crashes in many dissectors have
  been fixed, see References for further details.

Impact
======

An attacker might be able to use these vulnerabilities to crash
Ethereal or execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Ethereal users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =net-analyzer/ethereal-0.10.12

References
==========

  [ 1 ] Ethereal enpa-sa-00020
http://www.ethereal.com/appnotes/enpa-sa-00020.html
  [ 2 ] CAN-2005-2360
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2360
  [ 3 ] CAN-2005-2361
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2361
  [ 4 ] CAN-2005-2362
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2362
  [ 5 ] CAN-2005-2363
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2363
  [ 6 ] CAN-2005-2364
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2364
  [ 7 ] CAN-2005-2365
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2365
  [ 8 ] CAN-2005-2366
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2366
  [ 9 ] CAN-2005-2367
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2367

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200507-27.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


___

Re: [ilugd] Trouble Setting Up external modem on Ubuntu

2005-07-28 Thread Ankur Rohatgi

On 07/27/2005 10:56 AM, Ramnarayan.K wrote:

> When I double click the modem interface icon I can hear the modem
> coming on but no dialing follows and this repeats itself

I would look up your modem AT commands and disable the wait for dial tone
setting. If I remember correctly ATX3 used to do that, you can add this
to your init string and see.

- Ankur.

___
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/


[ilugd] RHEL License issue

2005-07-28 Thread Ritesh Agarwal
Dear All,

  Can we install a single copy of RHEL v3.0 on more than one server? Is it
legal? Except it we downloaded RHEL v 4.0 from RHN through redhat's
subscription model and are using it on our production servers (more than one).
Are the subscription licence and EULA different for purchased copy and
downloaded copy?
  According to the EULA, we are restricted to redistribute or resell RHEL with
Redhat trademarks. But we are unable to find license policies for multiple
installation from a single copy of RHEL.
(http://www.redhat.com/licenses/rhel_rha_eula.html)

What are your suggestions?

-- 
Regards
Ritesh Agrawal





Re: [ilugd] RHEL License issue

2005-07-28 Thread Anand Kapoor
AFAIK, you can install it in multiple places (as in there is nothing
restricting the actual install) however the up2date wouldn't work
from more than one location and you would be forced to login to RHN
and manually download updates. (Because it is a royal pain to get yum
on RHEL!)

However I am not sure what the actual legal position for this is.

Anand K

On 7/28/05, Ritesh Agarwal [EMAIL PROTECTED] wrote:
> Dear All,
>
>   Can we install a single copy of RHEL v3.0 on more than one server? Is it
> legal? Except it we downloaded RHEL v 4.0 from RHN through redhat's
> subscription model and are using it on our production servers (more than one).
> Are the subscription licence and EULA different for purchased copy and
> downloaded copy?
>   According to the EULA, we are restricted to redistribute or resell RHEL with
> Redhat trademarks. But we are unable to find license policies for multiple
> installation from a single copy of RHEL.
> (http://www.redhat.com/licenses/rhel_rha_eula.html)
>
> What are your suggestions?
>
> --
> Regards
> Ritesh Agrawal
 
 
 