(RHSA-2006:0602) wireshark security update (was ethereal)

2006-08-1600:00:00

access.redhat.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.038 Low

EPSS

Percentile

90.9%

JSON

Ethereal is a program for monitoring network traffic.

In May 2006, Ethereal changed its name to Wireshark. This update
deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and 4
in favor of the supported Wireshark packages.

Several denial of service bugs were found in Ethereal’s protocol
dissectors. It was possible for Ethereal to crash or stop responding if it
read a malformed packet off the network. (CVE-2006-3627, CVE-2006-3629,
CVE-2006-3631)

Several buffer overflow bugs were found in Ethereal’s ANSI MAP, NCP NMAS,
and NDPStelnet dissectors. It was possible for Ethereal to crash or execute
arbitrary code if it read a malformed packet off the network.
(CVE-2006-3630, CVE-2006-3632)

Several format string bugs were found in Ethereal’s Checkpoint FW-1, MQ,
XML, and NTP dissectors. It was possible for Ethereal to crash or execute
arbitrary code if it read a malformed packet off the network. (CVE-2006-3628)

Users of Ethereal should upgrade to these updated packages containing
Wireshark version 0.99.2, which is not vulnerable to these issues

OSVersionArchitecturePackageVersionFilename
RedHatanys390wireshark-gnome< 0.99.2-EL3.1wireshark-gnome-0.99.2-EL3.1.s390.rpm
RedHatanyi386wireshark-gnome< 0.99.2-AS21.1wireshark-gnome-0.99.2-AS21.1.i386.rpm
RedHatanyppcwireshark< 0.99.2-EL3.1wireshark-0.99.2-EL3.1.ppc.rpm
RedHatanyia64wireshark-gnome< 0.99.2-EL3.1wireshark-gnome-0.99.2-EL3.1.ia64.rpm
RedHatanys390wireshark-gnome< 0.99.2-EL4.1wireshark-gnome-0.99.2-EL4.1.s390.rpm
RedHatanyia64wireshark< 0.99.2-EL4.1wireshark-0.99.2-EL4.1.ia64.rpm
RedHatanyppcwireshark-gnome< 0.99.2-EL4.1wireshark-gnome-0.99.2-EL4.1.ppc.rpm
RedHatanyia64wireshark-gnome< 0.99.2-AS21.1wireshark-gnome-0.99.2-AS21.1.ia64.rpm
RedHatanyppcwireshark-gnome< 0.99.2-EL3.1wireshark-gnome-0.99.2-EL3.1.ppc.rpm
RedHatanyi386wireshark< 0.99.2-EL4.1wireshark-0.99.2-EL4.1.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	s390	wireshark-gnome	< 0.99.2-EL3.1	wireshark-gnome-0.99.2-EL3.1.s390.rpm
RedHat	any	i386	wireshark-gnome	< 0.99.2-AS21.1	wireshark-gnome-0.99.2-AS21.1.i386.rpm
RedHat	any	ppc	wireshark	< 0.99.2-EL3.1	wireshark-0.99.2-EL3.1.ppc.rpm
RedHat	any	ia64	wireshark-gnome	< 0.99.2-EL3.1	wireshark-gnome-0.99.2-EL3.1.ia64.rpm
RedHat	any	s390	wireshark-gnome	< 0.99.2-EL4.1	wireshark-gnome-0.99.2-EL4.1.s390.rpm
RedHat	any	ia64	wireshark	< 0.99.2-EL4.1	wireshark-0.99.2-EL4.1.ia64.rpm
RedHat	any	ppc	wireshark-gnome	< 0.99.2-EL4.1	wireshark-gnome-0.99.2-EL4.1.ppc.rpm
RedHat	any	ia64	wireshark-gnome	< 0.99.2-AS21.1	wireshark-gnome-0.99.2-AS21.1.ia64.rpm
RedHat	any	ppc	wireshark-gnome	< 0.99.2-EL3.1	wireshark-gnome-0.99.2-EL3.1.ppc.rpm
RedHat	any	i386	wireshark	< 0.99.2-EL4.1	wireshark-0.99.2-EL4.1.i386.rpm