Multiple vulnerabilities, including one buffer overflow, exist in Ethereal, which may allow an attacker to run arbitrary code or crash the program.
| Package | net-analyzer/ethereal on all architectures |
| Affected versions | <= 0.10.3 |
| Unaffected versions | >= 0.10.4 |
Ethereal is a feature-rich network protocol analyzer.
There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.4, including:
An attacker could use these vulnerabilities to crash Ethereal or even execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.
As a temporary workaround, you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols... and deselecting them from the list. However, it is strongly recommended to upgrade to the latest stable release.
All Ethereal users should upgrade to the latest stable version:
    # emerge sync
    # emerge -pv ">=net-analyzer/ethereal-0.10.4"
    # emerge ">=net-analyzer/ethereal-0.10.4"
June 04, 2004
May 22, 2006: 02