Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200412-15
HistoryDec 19, 2004 - 12:00 a.m.

Ethereal: Multiple vulnerabilities

2004-12-1900:00:00
Gentoo Foundation
security.gentoo.org
6

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

89.9%

JSON

Background

Ethereal is a feature rich network protocol analyzer.

Description

There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.8, including:

  • Bug in DICOM dissection discovered by Bing could make Ethereal crash (CAN 2004-1139).
  • An invalid RTP timestamp could make Ethereal hang and create a large temporary file (CAN 2004-1140).
  • The HTTP dissector could access previously-freed memory (CAN 2004-1141).
  • Brian Caswell discovered that an improperly formatted SMB could make Ethereal hang (CAN 2004-1142).

Impact

An attacker might be able to use these vulnerabilities to crash Ethereal, perform DoS by CPU and disk space utilization or even execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

Workaround

For a temporary workaround you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols… and deselecting them from the list. However, it is strongly recommended to upgrade to the latest stable version.

Resolution

All ethereal users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.8"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-analyzer/ethereal< 0.10.8UNKNOWN

Related

openvas 10
nessus 6
freebsd 1
redhat 2
altlinux 1
cve 4
debian 2
ubuntucve 4
osv 1
openvas
openvas
FreeBSD Ports: ethereal, ethereal-lite, tethereal, tethereal-lite
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200412-15 (Ethereal)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200412-15 (Ethereal)
2008-09-24 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : ethereal (MDKSA-2004:152)
2004-12-21 00:00:00
FreeBSD : ethereal -- multiple vulnerabilities (efa1344b-5477-11d9-a9e7-0001020eed82)
2005-07-13 00:00:00
GLSA-200412-15 : Ethereal: Multiple vulnerabilities
2004-12-19 00:00:00
freebsd
freebsd
ethereal -- multiple vulnerabilities
2004-12-14 00:00:00
redhat
redhat
(RHSA-2005:011) ethereal security update
2005-02-02 00:00:00
(RHSA-2005:037) ethereal security update
2005-02-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package wireshark version 0.10.9-alt1
2005-01-22 00:00:00
cve
cve
CVE-2004-1142
2004-12-15 05:00:00
CVE-2004-1141
2004-12-31 05:00:00
CVE-2004-1140
2004-12-31 05:00:00
debian
debian
[SECURITY] [DSA 613-1] New ethereal packages fix denial of service
2004-12-21 07:48:54
[SECURITY] [DSA 613-1] New ethereal packages fix denial of service
2004-12-21 07:48:54
ubuntucve
ubuntucve
CVE-2004-1142
2004-12-15 00:00:00
CVE-2004-1141
2004-12-31 00:00:00
CVE-2004-1140
2004-12-31 00:00:00
osv
osv
ethereal - infinite loop
2004-12-21 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

89.9%

JSON
Related for GLSA-200412-15
openvas10nessus6freebsd1redhat2altlinux1cve4debian2ubuntucve4osv1