Lucene search

K
redhatRedHatRHSA-2005:306
HistoryMar 18, 2005 - 12:00 a.m.

(RHSA-2005:306) ethereal security update

2005-03-1800:00:00
access.redhat.com
16

EPSS

0.025

Percentile

90.1%

The ethereal package is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious packets
to trigger these flaws and cause Ethereal to crash or potentially execute
arbitrary code.

A buffer overflow flaw was discovered in the Etheric dissector. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0704 to this issue.

The GPRS-LLC dissector could crash if the “ignore cipher bit” option was
set. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0705 to this issue.

A buffer overflow flaw was discovered in the 3GPP2 A11 dissector. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0699 to this issue.

A buffer overflow flaw was discovered in the IAPP dissector. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0739 to this issue.

Users of ethereal should upgrade to these updated packages, which contain
version 0.10.10 and are not vulnerable to these issues.