Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200503-16
HistoryMar 12, 2005 - 12:00 a.m.

Ethereal: Multiple vulnerabilities

2005-03-1200:00:00
Gentoo Foundation
security.gentoo.org
7

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON

Background

Ethereal is a feature rich network protocol analyzer.

Description

There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.10, including:

  • The Etheric, 3GPP2 A11 and IAPP dissectors are vulnerable to buffer overflows (CAN-2005-0704, CAN-2005-0699 and CAN-2005-0739).
  • The GPRS-LLC could crash when the “ignore cipher bit” option is enabled (CAN-2005-0705).
  • Various vulnerabilities in JXTA and sFlow dissectors.

Impact

An attacker might be able to use these vulnerabilities to crash Ethereal and execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

Workaround

For a temporary workaround you can disable all affected protocol dissectors. However, it is strongly recommended that you upgrade to the latest stable version.

Resolution

All Ethereal users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.10"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-analyzer/ethereal< 0.10.10UNKNOWN

Related

nessus 5
redhat 1
openvas 10
freebsd 1
altlinux 1
cve 6
ubuntucve 4
osv 1
debian 4
nessus
nessus
Mandrake Linux Security Advisory : ethereal (MDKSA-2005:053)
2005-03-16 00:00:00
RHEL 2.1 / 3 / 4 : ethereal (RHSA-2005:306)
2005-03-18 00:00:00
GLSA-200503-16 : Ethereal: Multiple vulnerabilities
2005-03-14 00:00:00
redhat
redhat
(RHSA-2005:306) ethereal security update
2005-03-18 00:00:00
openvas
openvas
FreeBSD Ports: ethereal, ethereal-lite, tethereal, tethereal-lite
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200503-16 (ethereal)
2008-09-24 00:00:00
FreeBSD Ports: ethereal, ethereal-lite, tethereal, tethereal-lite
2008-09-04 00:00:00
freebsd
freebsd
ethereal -- multiple protocol dissectors vulnerabilities
2005-03-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package wireshark version 0.10.10-alt1
2005-03-15 00:00:00
cve
cve
CVE-2005-0699
2005-03-08 05:00:00
CVE-2005-0704
2005-05-02 04:00:00
CVE-2005-0765
2005-03-12 05:00:00
ubuntucve
ubuntucve
CVE-2005-0699
2005-03-08 00:00:00
CVE-2005-0704
2005-05-02 00:00:00
CVE-2005-0739
2005-05-02 00:00:00
osv
osv
ethereal - buffer overflow
2005-04-28 00:00:00
debian
debian
[SECURITY] [DSA 718-1] New ethereal packages fix buffer overflow
2005-04-28 13:47:53
[SECURITY] [DSA 718-2] New ethereal packages fix buffer overflow
2005-04-28 15:02:39
[SECURITY] [DSA 718-2] New ethereal packages fix buffer overflow
2005-04-28 15:02:39

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON
Related for GLSA-200503-16
nessus5redhat1openvas10freebsd1altlinux1cve6ubuntucve4osv1debian4