(RHSA-2006:0420) ethereal security update

2006-05-0300:00:00

access.redhat.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.045 Low

EPSS

Percentile

91.5%

JSON

Ethereal is a program for monitoring network traffic.

Several denial of service bugs were found in Ethereal’s protocol
dissectors. Ethereal could crash or stop responding if it reads a malformed
packet off the network. (CVE-2006-1932, CVE-2006-1933, CVE-2006-1937,
CVE-2006-1938, CVE-2006-1939, CVE-2006-1940)

Several buffer overflow bugs were found in Ethereal’s COPS, telnet, and
ALCAP dissectors as well as Network Instruments file code and
NetXray/Windows Sniffer file code. Ethereal could crash or execute
arbitrary code if it reads a malformed packet off the network.
(CVE-2006-1934, CVE-2006-1935, CVE-2006-1936)

Users of ethereal should upgrade to these updated packages containing
version 0.99.0, which is not vulnerable to these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyia64ethereal-gnome< 0.99.0-EL4.2ethereal-gnome-0.99.0-EL4.2.ia64.rpm
RedHatanyia64ethereal-gnome< 0.99.0-EL3.2ethereal-gnome-0.99.0-EL3.2.ia64.rpm
RedHatanys390ethereal-gnome< 0.99.0-EL3.2ethereal-gnome-0.99.0-EL3.2.s390.rpm
RedHatanys390ethereal-gnome< 0.99.0-EL4.2ethereal-gnome-0.99.0-EL4.2.s390.rpm
RedHatanyi386ethereal-gnome< 0.99.0-EL4.2ethereal-gnome-0.99.0-EL4.2.i386.rpm
RedHatanyx86_64ethereal< 0.99.0-EL3.2ethereal-0.99.0-EL3.2.x86_64.rpm
RedHatanyi386ethereal< 0.99.0-EL3.2ethereal-0.99.0-EL3.2.i386.rpm
RedHatanys390xethereal< 0.99.0-EL3.2ethereal-0.99.0-EL3.2.s390x.rpm
RedHatanyia64ethereal-gnome< 0.99.0-AS21.2ethereal-gnome-0.99.0-AS21.2.ia64.rpm
RedHatanys390xethereal< 0.99.0-EL4.2ethereal-0.99.0-EL4.2.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ia64	ethereal-gnome	< 0.99.0-EL4.2	ethereal-gnome-0.99.0-EL4.2.ia64.rpm
RedHat	any	ia64	ethereal-gnome	< 0.99.0-EL3.2	ethereal-gnome-0.99.0-EL3.2.ia64.rpm
RedHat	any	s390	ethereal-gnome	< 0.99.0-EL3.2	ethereal-gnome-0.99.0-EL3.2.s390.rpm
RedHat	any	s390	ethereal-gnome	< 0.99.0-EL4.2	ethereal-gnome-0.99.0-EL4.2.s390.rpm
RedHat	any	i386	ethereal-gnome	< 0.99.0-EL4.2	ethereal-gnome-0.99.0-EL4.2.i386.rpm
RedHat	any	x86_64	ethereal	< 0.99.0-EL3.2	ethereal-0.99.0-EL3.2.x86_64.rpm
RedHat	any	i386	ethereal	< 0.99.0-EL3.2	ethereal-0.99.0-EL3.2.i386.rpm
RedHat	any	s390x	ethereal	< 0.99.0-EL3.2	ethereal-0.99.0-EL3.2.s390x.rpm
RedHat	any	ia64	ethereal-gnome	< 0.99.0-AS21.2	ethereal-gnome-0.99.0-AS21.2.ia64.rpm
RedHat	any	s390x	ethereal	< 0.99.0-EL4.2	ethereal-0.99.0-EL4.2.s390x.rpm