<?xml version="1.0" encoding="UTF-8"?>
<glsa id="200311-05">
<title>Ethereal: security problems in ethereal 0.9.15</title>
Ethereal is vulnerable to heap and buffer overflows in the GTP, ISAKMP,
MEGACO, and SOCKS protocol dissectors.
<product type="ebuild">Ethereal</product>
<revised>2003-11-22: 01</revised>
<package name="net-analyzer/ethereal" auto="yes" arch="*">
<unaffected range="ge">0.9.16</unaffected>
<vulnerable range="lt">0.9.16</vulnerable>
Ethereal is a popular network protocol analyzer.
Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and
MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS
protocol dissector, which could cause Ethereal to crash or to execute
arbitrary code.
<impact type="normal">
A remote attacker could craft a malformed packet which would cause Ethereal
to crash or run arbitrary code with the permissions of the user running
There is no known workaround at this time, other than to disable the GTP,
ISAKMP, MEGACO, and SOCKS protocol dissectors.
It is recommended that all Gentoo Linux users who are running
net-analyzer/ethereal 0.9.x upgrade:
<code>
# emerge sync
# emerge -pv '&gt;=net-analyzer/ethereal-0.9.16'
# emerge '&gt;=net-analyzer/ethereal-0.9.16'
# emerge clean</code>
<uri link="">Ethereal Security Advisory</uri>