From a24567fbc43f221b14e805f9bc0b7c6d16911c46 Mon Sep 17 00:00:00 2001 From: Alex Legler Date: Sun, 8 Mar 2015 22:02:38 +0100 Subject: Import existing advisories --- glsa-200311-05.xml | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 glsa-200311-05.xml (limited to 'glsa-200311-05.xml') diff --git a/glsa-200311-05.xml b/glsa-200311-05.xml new file mode 100644 index 00000000..57ec9ae4 --- /dev/null +++ b/glsa-200311-05.xml @@ -0,0 +1,63 @@ + + + + + + + Ethereal: security problems in ethereal 0.9.15 + + Ethereal is vulnerable to heap and buffer overflows in the GTP, ISAKMP, + MEGACO, and SOCKS protocol dissectors. + + Ethereal + 2003-11-22 + 2003-11-22: 01 + 32691 + remote + + + 0.9.16 + 0.9.16 + + + +

+ Ethereal is a popular network protocol analyzer. +

+
+ +

+ Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and + MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS + protocol dissector, which could cause Ethereal to crash or to execute + arbitrary code. +

+
+ +

+ A remote attacker could craft a malformed packet which would cause Ethereal + to crash or run arbitrary code with the permissions of the user running + Ethereal. +

+
+ +

+ There is no known workaround at this time, other than to disable the GTP, + ISAKMP, MEGACO, and SOCKS protocol dissectors. +

+
+ +

+ It is recommended that all Gentoo Linux users who are running + net-analyzer/ethereal 0.9.x upgrade: +

+ + # emerge sync + # emerge -pv '>=net-analyzer/ethereal-0.9.16' + # emerge '>=net-analyzer/ethereal-0.9.16' + # emerge clean +
+ + Ethereal Security Advisory + +
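Review bot: The workaround text contradicts itself: "There is no known workaround at this time, other than to disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors" first says no workaround exists and then gives one. Suggest stating the mitigation directly, for example "Disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors." Separately, the title names "ethereal 0.9.15" while the resolution addresses everyone running net-analyzer/ethereal 0.9.x and both range fields show 0.9.16. It is worth confirming the title does not read as if only 0.9.15 is affected.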
-- cgit v1.2.3-65-gdbad