受影响系统
Ethereal Group Ethereal 0.8.18
详细描述
- RedHat Linux 7.2
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 ia64
Ethereal Group Ethereal 0.9 .0
Ethereal Group Ethereal 0.9.1
- Compaq Tru64 5.0
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- HP HP-UX 11.0
- IBM AIX 5.1
- Linux kernel 2.4
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP
- NetBSD NetBSD 1.5
- OpenBSD OpenSSH 3.0
- SCO Unixware 7.0
- SGI IRIX 6.0
- Sun Solaris 8.0
Ethereal Group Ethereal 0.9.2
Ethereal Group Ethereal 0.9.3
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.3 i386
Ethereal Group Ethereal 0.9.4
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 sparc
Ethereal Group Ethereal 0.9.5
Ethereal Group Ethereal 0.9.6
Ethereal Group Ethereal 0.9.7
Ethereal Group Ethereal 0.9.8
+ RedHat Linux 7.2
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.3
+ RedHat Linux 7.3 i386
+ RedHat Linux 8.0
+ RedHat Linux 8.0 i386
Ethereal Group Ethereal 0.9.9
Ethereal是网络协议分析程序, NTLMSSP解析器是评估使用NTLM协议的包的机制。
其中在处理畸形NTLMSSP包的时候存在不明漏洞,可导致破破坏。存在执行任意命令可能。
测试代码
尚无
解决方案
补丁下载:
Ethereal Group Ethereal 0.8.18:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
Ethereal Group Ethereal 0.9 .0:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
Ethereal Group Ethereal 0.9.1:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
Ethereal Group Ethereal 0.9.2:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
Ethereal Group Ethereal 0.9.3:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
Ethereal Group Ethereal 0.9.4:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
Ethereal Group Ethereal 0.9.5:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
Ethereal Group Ethereal 0.9.6:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
Ethereal Group Ethereal 0.9.7:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
Ethereal Group Ethereal 0.9.8:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
Ethereal Group Ethereal 0.9.9:
Ethereal Group Upgrade ethereal-0.9.10.tar.gz
http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz
相关信息
Ethereal Group
参考:http://www.securityfocus.com/advisories/5076
相关主页:http://www.ethereal.com/appnotes/enpa-sa-00008.html
文章来源于领测软件测试网 https://www.ltesting.net/
版权所有(C) 2003-2010 TestAge(领测软件测试网)|领测国际科技(北京)有限公司|软件测试工程师培训网 All Rights Reserved
北京市海淀区中关村南大街9号北京理工科技大厦1402室 京ICP备10010545号-5
技术支持和业务联系:info@testage.com.cn 电话:010-51297073