GoogleOSV:DSA-1049-1ethereal - several vulnerabilities
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Gerald Combs reported several vulnerabilities in ethereal, a popular
network traffic analyser. The Common Vulnerabilities and Exposures
project identifies the following problems:
- CVE-2006-1932
The OID printing routine is susceptible to an off-by-one error. - CVE-2006-1933
The UMA and BER dissectors could go into an infinite loop. - CVE-2006-1934
The Network Instruments file code could overrun a buffer. - CVE-2006-1935
The COPS dissector contains a potential buffer overflow. - CVE-2006-1936
The telnet dissector contains a buffer overflow. - CVE-2006-1937
Bugs in the SRVLOC and AIM dissector, and in the statistics
counter could crash ethereal. - CVE-2006-1938
Null pointer dereferences in the SMB PIPE dissector and when
reading a malformed Sniffer capture could crash ethereal. - CVE-2006-1939
Null pointer dereferences in the ASN.1, GSM SMS, RPC and
ASN.1-based dissector and an invalid display filter could crash
ethereal. - CVE-2006-1940
The SNDCP dissector could cause an unintended abortion.
For the old stable distribution (woody) these problems have been fixed in
version 0.9.4-1woody15.
For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge5.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your ethereal packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ethereal | eq | 0.10.10-2sarge4 | |
| ethereal | eq | 0.10.10-2sarge2 | |
| ethereal | eq | 0.10.10-2sarge3 |
References
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C