Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200501-27
HistoryJan 20, 2005 - 12:00 a.m.

Ethereal: Multiple vulnerabilities

2005-01-2000:00:00
Gentoo Foundation
security.gentoo.org
12

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON

Background

Ethereal is a feature rich network protocol analyzer.

Description

There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.9, including:

  • The COPS dissector could go into an infinite loop (CAN-2005-0006).
  • The DLSw dissector could cause an assertion, making Ethereal exit prematurely (CAN-2005-0007).
  • The DNP dissector could cause memory corruption (CAN-2005-0008).
  • The Gnutella dissector could cause an assertion, making Ethereal exit prematurely (CAN-2005-0009).
  • The MMSE dissector could free statically-allocated memory (CAN-2005-0010).
  • The X11 dissector is vulnerable to a string buffer overflow (CAN-2005-0084).

Impact

An attacker might be able to use these vulnerabilities to crash Ethereal, perform DoS by CPU and disk space utilization or even execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

Workaround

For a temporary workaround you can disable all affected protocol dissectors by selecting Analyze->Enabled Protocols… and deselecting them from the list. However, it is strongly recommended to upgrade to the latest stable version.

Resolution

All Ethereal users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.9"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-analyzer/ethereal< 0.10.9UNKNOWN

Related

openvas 10
nessus 6
freebsd 1
altlinux 1
redhat 2
cve 6
ubuntucve 6
osv 1
debian 2
openvas
openvas
FreeBSD Ports: ethereal, ethereal-lite, tethereal, tethereal-lite
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200501-27 (ethereal)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200501-27 (ethereal)
2008-09-24 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : ethereal (MDKSA-2005:013)
2005-01-25 00:00:00
GLSA-200501-27 : Ethereal: Multiple vulnerabilities
2005-02-14 00:00:00
Debian DSA-653-1 : ethereal - buffer overflow
2005-01-25 00:00:00
freebsd
freebsd
ethereal -- multiple protocol dissectors vulnerabilities
2005-01-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package wireshark version 0.10.9-alt1
2005-01-22 00:00:00
redhat
redhat
(RHSA-2005:011) ethereal security update
2005-02-02 00:00:00
(RHSA-2005:037) ethereal security update
2005-02-15 00:00:00
cve
cve
CVE-2005-0009
2005-05-02 04:00:00
CVE-2005-0010
2005-05-02 04:00:00
CVE-2005-0008
2005-05-02 04:00:00
ubuntucve
ubuntucve
CVE-2005-0007
2005-05-02 00:00:00
CVE-2005-0006
2005-05-02 00:00:00
CVE-2005-0010
2005-05-02 00:00:00
osv
osv
ethereal - buffer overflow
2005-01-21 00:00:00
debian
debian
[SECURITY] [DSA 653-1] New ethereal packages fix buffer overflow
2005-01-21 11:33:27
[SECURITY] [DSA 653-1] New ethereal packages fix buffer overflow
2005-01-21 11:33:27

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.5%

JSON
Related for GLSA-200501-27
openvas10nessus6freebsd1altlinux1redhat2cve6ubuntucve6osv1debian2