10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.033 Low
EPSS
Percentile
91.2%
Ethereal is a feature rich network protocol analyzer.
There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.4, including:
An attacker could use these vulnerabilities to crash Ethereal or even execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.
For a temporary workaround you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols… and deselecting them from the list. However, it is strongly recommended to upgrade to the latest stable release.
All Ethereal users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-analyzer/ethereal-0.10.4"
# emerge ">=net-analyzer/ethereal-0.10.4"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-analyzer/ethereal | <= 0.10.3 | UNKNOWN |