(RHSA-2005:306) ethereal security update

2005-03-1800:00:00

access.redhat.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

91.5%

JSON

The ethereal package is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious packets
to trigger these flaws and cause Ethereal to crash or potentially execute
arbitrary code.

A buffer overflow flaw was discovered in the Etheric dissector. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0704 to this issue.

The GPRS-LLC dissector could crash if the “ignore cipher bit” option was
set. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0705 to this issue.

A buffer overflow flaw was discovered in the 3GPP2 A11 dissector. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0699 to this issue.

A buffer overflow flaw was discovered in the IAPP dissector. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0739 to this issue.

Users of ethereal should upgrade to these updated packages, which contain
version 0.10.10 and are not vulnerable to these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386ethereal-gnome< 0.10.10-1.EL3.1ethereal-gnome-0.10.10-1.EL3.1.i386.rpm
RedHatanyppcethereal< 0.10.10-1.EL4.1ethereal-0.10.10-1.EL4.1.ppc.rpm
RedHatanys390ethereal< 0.10.10-1.EL3.1ethereal-0.10.10-1.EL3.1.s390.rpm
RedHatanys390xethereal-gnome< 0.10.10-1.EL3.1ethereal-gnome-0.10.10-1.EL3.1.s390x.rpm
RedHatanyx86_64ethereal< 0.10.10-1.EL3.1ethereal-0.10.10-1.EL3.1.x86_64.rpm
RedHatanys390ethereal-gnome< 0.10.10-1.EL4.1ethereal-gnome-0.10.10-1.EL4.1.s390.rpm
RedHatanyi386ethereal-gnome< 0.10.10-1.AS21.1ethereal-gnome-0.10.10-1.AS21.1.i386.rpm
RedHatanyppcethereal-gnome< 0.10.10-1.EL4.1ethereal-gnome-0.10.10-1.EL4.1.ppc.rpm
RedHatanyi386ethereal-gnome< 0.10.10-1.EL4.1ethereal-gnome-0.10.10-1.EL4.1.i386.rpm
RedHatanyi386ethereal< 0.10.10-1.AS21.1ethereal-0.10.10-1.AS21.1.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	i386	ethereal-gnome	< 0.10.10-1.EL3.1	ethereal-gnome-0.10.10-1.EL3.1.i386.rpm
RedHat	any	ppc	ethereal	< 0.10.10-1.EL4.1	ethereal-0.10.10-1.EL4.1.ppc.rpm
RedHat	any	s390	ethereal	< 0.10.10-1.EL3.1	ethereal-0.10.10-1.EL3.1.s390.rpm
RedHat	any	s390x	ethereal-gnome	< 0.10.10-1.EL3.1	ethereal-gnome-0.10.10-1.EL3.1.s390x.rpm
RedHat	any	x86_64	ethereal	< 0.10.10-1.EL3.1	ethereal-0.10.10-1.EL3.1.x86_64.rpm
RedHat	any	s390	ethereal-gnome	< 0.10.10-1.EL4.1	ethereal-gnome-0.10.10-1.EL4.1.s390.rpm
RedHat	any	i386	ethereal-gnome	< 0.10.10-1.AS21.1	ethereal-gnome-0.10.10-1.AS21.1.i386.rpm
RedHat	any	ppc	ethereal-gnome	< 0.10.10-1.EL4.1	ethereal-gnome-0.10.10-1.EL4.1.ppc.rpm
RedHat	any	i386	ethereal-gnome	< 0.10.10-1.EL4.1	ethereal-gnome-0.10.10-1.EL4.1.i386.rpm
RedHat	any	i386	ethereal	< 0.10.10-1.AS21.1	ethereal-0.10.10-1.AS21.1.i386.rpm