[linux-security] buffer overflows in ethereal



Topic
=====
buffer overflows in ethereal may allow arbitrary code execution

Problem Description
===================
Ethereal is a package designed for monitoring network traffic on your
system.
  
A buffer overflow in Ethereal 0.9.5 and earlier allows remote attackers
to cause a denial of service or execute arbitrary code via the ISIS
dissector.

Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers
to cause a denial of service or execute arbitrary code via (1) the BGP
dissector, or (2) the WCP dissector.

Ethereal 0.9.4 and earlier allows remote attackers to cause a denial
of service and possibly execute arbitrary code via the (1) SOCKS, (2)
RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core
dump.

Affected Systems
================
ethereal version 0.9.5 and earlier

Solution
========
upgrade to ethereal 0.9.6 or a patched version for your distribution

RedHat 7.2
----------
rpm -Fvh ethereal-0.9.6-0.72.0.i386.rpm ethereal-gnome-0.9.6-0.72.0.i386.rpm

RedHat 7.3
----------
rpm -Fvh ethereal-0.9.6-0.73.0.i386.rpm ethereal-gnome-0.9.6-0.73.0.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to ethereal_0.8.0-4potato.1_i386.deb

Debian 3.0 (woody)
------------------
upgrade to ethereal_0.9.4-1woody2_i386.deb,
           ethereal-common_0.9.4-1woody2_i386.deb,
           ethereal/ethereal-dev_0.9.4-1woody2_i386.deb,
           tethereal_0.9.4-1woody2_i386.deb
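
Checking fix status (added example)
-----------------------------------
The following script is an added example, not part of the original advisory. It classifies an installed package version against the fixed builds listed above, which matters because the Debian fixes are backports whose version numbers are lower than upstream 0.9.6. The platform keys and function names are made up for this example, and GNU `sort -V` is assumed as an approximation of rpm/dpkg version ordering.

```shell
#!/bin/sh
# Added example: compare an installed ethereal package version with the
# fixed builds named in this advisory. Platform keys are hypothetical labels.

# Fixed package version per platform, copied from the advisory text.
fixed_version() {
    case "$1" in
        redhat-7.2)    echo "0.9.6-0.72.0" ;;
        redhat-7.3)    echo "0.9.6-0.73.0" ;;
        debian-potato) echo "0.8.0-4potato.1" ;;
        debian-woody)  echo "0.9.4-1woody2" ;;
        upstream)      echo "0.9.6" ;;
        *)             return 1 ;;
    esac
}

# version_ge A B: succeeds when A sorts at or after B.
# Assumption: GNU `sort -V` ordering is close enough to rpm/dpkg ordering
# for the version strings that appear in this advisory.
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# ethereal_status PLATFORM INSTALLED_VERSION
# Prints "fixed", "vulnerable", or "unknown" (platform not in the advisory).
# The caller supplies the installed version string from its package manager.
ethereal_status() {
    want=$(fixed_version "$1") || { echo "unknown"; return 0; }
    if version_ge "$2" "$want"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Run directly with two arguments, e.g.: ./check.sh debian-woody 0.9.4-1woody2
if [ "$#" -eq 2 ]; then
    ethereal_status "$1" "$2"
fi
```

Comparing every host against the upstream number alone would report a patched woody system (0.9.4-1woody2) as vulnerable, so the check must be keyed on the distribution's own fixed build.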