Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200503-16 ] Ethereal: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Moderator
Moderator


Joined: 13 Jun 2003
Posts: 4078
Location: Barcelona, Spain

PostPosted: Sat Mar 12, 2005 5:02 pm    Post subject: [ GLSA 200503-16 ] Ethereal: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: Ethereal: Multiple vulnerabilities (GLSA 200503-16)
Severity: high
Exploitable: remote
Date: March 12, 2005
Updated: May 22, 2006
Bug(s): #84547
ID: 200503-16

Synopsis


Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
run arbitrary code or crash the program.


Background


Ethereal is a feature rich network protocol analyzer.


Affected Packages

Package: net-analyzer/ethereal
Vulnerable: < 0.10.10
Unaffected: >= 0.10.10
Architectures: All supported architectures


Description


There are multiple vulnerabilities in versions of Ethereal earlier than
0.10.10, including:
  • The Etheric, 3GPP2 A11 and IAPP dissectors are vulnerable to buffer
    overflows (CAN-2005-0704, CAN-2005-0699 and CAN-2005-0739).
  • The GPRS-LLC could crash when the "ignore cipher bit" option is
    enabled (CAN-2005-0705).
  • Various vulnerabilities in JXTA and sFlow dissectors.


Impact


An attacker might be able to use these vulnerabilities to crash
Ethereal and execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.


Workaround


For a temporary workaround you can disable all affected protocol
dissectors. However, it is strongly recommended that you upgrade to the
latest stable version.


Resolution


All Ethereal users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.10"


References

CAN-2005-0699
CAN-2005-0704
CAN-2005-0705
CAN-2005-0739
CVE-2005-0765
CVE-2005-0766
Ethereal enpa-sa-00018


Last edited by GLSA on Fri Dec 14, 2012 4:18 am; edited 8 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum