Multiple vulnerabilities, including one buffer overflow, exist in Ethereal and may allow an attacker to run arbitrary code or crash the program.
Package | net-analyzer/ethereal on all architectures |
---|---|
Affected versions | <= 0.10.3 |
Unaffected versions | >= 0.10.4 |
Ethereal is a feature-rich network protocol analyzer.
There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.4, including:
An attacker could use these vulnerabilities to crash Ethereal or even execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.
For a temporary workaround you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols... and deselecting them from the list. However, it is strongly recommended to upgrade to the latest stable release.
All Ethereal users should upgrade to the latest stable version:
```
# emerge sync
# emerge -pv ">=net-analyzer/ethereal-0.10.4"
# emerge ">=net-analyzer/ethereal-0.10.4"
```
Release date | June 04, 2004 |
---|---|
Latest revision | May 22, 2006: 02 |
Severity | high |
Exploitable | remote |
Bugzilla entries