7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Ethereal developers discovered a buffer overflow in the ISIS protocol
dissector. It may be possible to make Ethereal crash or hang by
injecting a purposefully malformed packet onto the wire, or by
convincing someone to read a malformed packet trace file. It may be
possible to make Ethereal run arbitrary code by exploiting the buffer
and pointer problems.
This problem has been fixed in version 0.9.4-1woody2 for the current
stable distribution (woody), in version 0.8.0-4potato.1 for
the old stable distribution (potato) and in version 0.9.6-1 for the
unstable distribution (sid).
We recommend that you upgrade your ethereal packages.