Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200510-25
HistoryOct 30, 2005 - 12:00 a.m.

Ethereal: Multiple vulnerabilities in protocol dissectors

2005-10-3000:00:00
Gentoo Foundation
security.gentoo.org
11

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.125 Low

EPSS

Percentile

95.4%

JSON

Background

Ethereal is a feature-rich network protocol analyzer.

Description

There are numerous vulnerabilities in versions of Ethereal prior to 0.10.13, including:

  • The SLIM3 and AgentX dissectors could overflow a buffer (CVE-2005-3243).
  • iDEFENSE discovered a buffer overflow in the SRVLOC dissector (CVE-2005-3184).
  • Multiple potential crashes in many dissectors have been fixed, see References for further details.

Furthermore an infinite loop was discovered in the IRC protocol dissector of the 0.10.13 release (CVE-2005-3313).

Impact

An attacker might be able to use these vulnerabilities to crash Ethereal or execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.

Workaround

There is no known workaround at this time.

Resolution

All Ethereal users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.13-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-analyzer/ethereal< 0.10.13-r1UNKNOWN

Related

openvas 6
nessus 10
redhat 2
centos 4
osv 1
debian 1
ubuntucve 11
cve 11
securityvulns 1
openvas
openvas
Gentoo Security Advisory GLSA 200510-25 (Ethereal)
2008-09-24 00:00:00
SLES9: Security update for ethereal
2009-10-10 00:00:00
SLES9: Security update for ethereal
2009-10-10 00:00:00
nessus
nessus
GLSA-200510-25 : Ethereal: Multiple vulnerabilities in protocol dissectors
2005-11-02 00:00:00
Mandrake Linux Security Advisory : ethereal (MDKSA-2005:193-2)
2006-01-15 00:00:00
RHEL 2.1 / 3 / 4 : ethereal (RHSA-2005:809)
2005-10-28 00:00:00
redhat
redhat
(RHSA-2005:809) ethereal security update
2005-10-25 00:00:00
(RHSA-2006:0156) ethereal security update
2006-01-11 00:00:00
centos
centos
ethereal security update
2005-10-28 03:32:24
ethereal security update
2005-10-25 21:48:05
ethereal security update
2006-01-16 00:10:30
osv
osv
ethereal - several
2006-09-07 00:00:00
debian
debian
[SECURITY] [DSA 1171-1] New ethereal packages fix execution of arbitrary code
2006-09-07 21:34:13
ubuntucve
ubuntucve
CVE-2005-3249
2005-10-27 00:00:00
CVE-2005-3242
2005-10-27 00:00:00
CVE-2005-3243
2005-10-27 00:00:00
cve
cve
CVE-2005-3242
2005-10-27 10:02:00
CVE-2005-3248
2005-10-27 10:02:00
CVE-2005-3249
2005-10-27 10:02:00
securityvulns
securityvulns
[Full-disclosure] iDEFENSE Security Advisory 10.20.05: Multiple Vendor Ethereal srvloc Buffer Overflow Vulnerability
2005-10-21 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.125 Low

EPSS

Percentile

95.4%

JSON
Related for GLSA-200510-25
openvas6nessus10redhat2centos4osv1debian1ubuntucve11cve11securityvulns1