|
|
Family: Debian Local Security Checks --> Category: infos
[DSA324] DSA-324-1 ethereal Vulnerability Scan
Vulnerability Scan Summary
DSA-324-1 ethereal
Detailed Explanation for this Vulnerability Test
Several of the packet dissectors in ethereal contain string handling
bugs which could be exploited using a maliciously crafted packet to
cause ethereal to consume excessive amounts of memory, crash, or
execute arbitrary code.
These vulnerabilities were announced in the following Ethereal security
advisory:
"http://www.ethereal.com/appnotes/enpa-sa-00010.html"
Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the
problems described in the advisory, including:
The following problems do not affect this version:
as these modules are not present.
For the stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody5.
For the old stable distribution (potato) these problems will be fixed in a
future advisory.
For the unstable distribution (sid) these problems are fixed in
version 0.9.13-1.
We recommend that you update your ethereal package.
Solution : http://www.debian.org/security/2003/dsa-324
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
