blob: 93b1992155597c5c4b9c79ace5a1960486004a38 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200607-09">
<title>Wireshark: Multiple vulnerabilities</title>
Wireshark (formerly known as Ethereal) is vulnerable to several security
issues, potentially allowing the execution of arbitrary code by a remote
<product type="ebuild">wireshark ethereal</product>
<announced>July 25, 2006</announced>
<revised>July 25, 2006: 01</revised>
<package name="net-analyzer/wireshark" auto="yes" arch="*">
<unaffected range="ge">0.99.2</unaffected>
<vulnerable range="lt">0.99.2</vulnerable>
<package name="net-analyzer/ethereal" auto="yes" arch="*">
<vulnerable range="le">0.99.0-r1</vulnerable>
Wireshark, formerly known as Ethereal, is a popular network protocol
Wireshark dissectors have been found vulnerable to a large number of
exploits, including off-by-one errors, buffer overflows, format string
overflows and an infinite loop.
<impact type="high">
Running an affected version of Wireshark or Ethereal could allow for a
remote attacker to execute arbitrary code on the user's computer by
sending specially crafted packets.
There is no known workaround at this time.
All Wireshark users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-analyzer/wireshark-0.99.2&quot;</code>
All Ethereal users should migrate to Wireshark:
# emerge --sync
# emerge --ask --unmerge net-analyzer/ethereal
# emerge --ask --oneshot --verbose &quot;&gt;=net-analyzer/wireshark-0.99.2&quot;</code>
To keep the [saved] configuration from Ethereal and reuse it with
# mv ~/.ethereal ~/.wireshark</code>
<uri link="">Wireshark wnpa-sec-2006-01</uri>
<uri link="">CVE-2006-3627</uri>
<uri link="">CVE-2006-3628</uri>
<uri link="">CVE-2006-3629</uri>
<uri link="">CVE-2006-3630</uri>
<uri link="">CVE-2006-3631</uri>
<uri link="">CVE-2006-3632</uri>
<metadata tag="requester" timestamp="Wed, 19 Jul 2006 16:53:04 +0000">
<metadata tag="submitter" timestamp="Wed, 19 Jul 2006 18:04:14 +0000">
<metadata tag="bugReady" timestamp="Sat, 22 Jul 2006 20:10:22 +0000">