<?xml version="1.0" encoding="utf-8"?>
<glsa id="200604-17">
<title>Ethereal: Multiple vulnerabilities in protocol dissectors</title>
Ethereal is affected by numerous vulnerabilities, potentially resulting
in the execution of arbitrary code.
<product type="ebuild">Ethereal</product>
<announced>April 27, 2006</announced>
<revised>April 27, 2006: 01</revised>
<package name="net-analyzer/ethereal" auto="yes" arch="*">
<unaffected range="ge">0.99.0</unaffected>
<vulnerable range="lt">0.99.0</vulnerable>
Ethereal is a feature-rich network protocol analyzer.
Coverity discovered numerous vulnerabilities in versions of
Ethereal prior to 0.99.0, including:
<li>buffer overflows in the ALCAP (CVE-2006-1934), COPS (CVE-2006-1935)
and telnet (CVE-2006-1936) dissectors.</li>
<li>buffer overflows
in the NetXray/Windows Sniffer and Network Instruments file code</li>
For further details please consult the
references below.
<impact type="high">
An attacker might be able to exploit these vulnerabilities to crash
Ethereal or execute arbitrary code with the permissions of the user
running Ethereal, which could be the root user.
There is no known workaround at this time.
All Ethereal users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-analyzer/ethereal-0.99.0&quot;</code>
<uri link="">CVE-2006-1932</uri>
<uri link="">CVE-2006-1933</uri>
<uri link="">CVE-2006-1934</uri>
<uri link="">CVE-2006-1935</uri>
<uri link="">CVE-2006-1936</uri>
<uri link="">CVE-2006-1937</uri>
<uri link="">CVE-2006-1938</uri>
<uri link="">CVE-2006-1939</uri>
<uri link="">CVE-2006-1940</uri>
<uri link="">Ethereal enpa-sa-00023</uri>
<metadata tag="submitter" timestamp="Tue, 25 Apr 2006 11:35:49 +0000">
<metadata tag="bugReady" timestamp="Thu, 27 Apr 2006 05:10:07 +0000">