Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200406-01] Ethereal: Multiple security problems Vulnerability Scan
Vulnerability Scan Summary: Ethereal: Multiple security problems
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200406-01
(Ethereal: Multiple security problems)
There are multiple vulnerabilities in versions of Ethereal earlier than
0.10.4, including:
- A buffer overflow in the MMSE dissector.
- Under specific conditions a SIP packet could make Ethereal crash.
- The AIM dissector could throw an assertion, causing Ethereal to crash.
- The SPNEGO dissector could dereference a null pointer, causing a crash.
Impact
An attacker could use these vulnerabilities to crash Ethereal or even
execute arbitrary code with the permissions of the user running Ethereal,
which could be the root user.
Workaround
For a temporary workaround you can disable all affected protocol dissectors
by selecting Analyze->Enabled Protocols... and deselecting them from the
list. However, it is strongly recommended to upgrade to the latest stable
release.
References:
http://www.ethereal.com/appnotes/enpa-sa-00014.html
Solution:
All Ethereal users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-analyzer/ethereal-0.10.4"
# emerge ">=net-analyzer/ethereal-0.10.4"
Threat Level: High