Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

Debian: CAN-2002-0353 Moderate: Ethereal ASN.1 Memory Error

debian
Calendar Grey June 1, 2002
Debian Logo
Debian security advisory for ethereal addresses ASN.1 memory allocation vulnerabilities when analyzing network traffic.
Ethereal versions prior to 0.9.3 were vulnerable to an allocation errorin the ASN.1 parser

Summary

Ethereal versions prior to 0.9.3 were vulnerable to an allocation error
in the ASN.1 parser. This can be triggered when analyzing traffic using
the SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This
vulnerability was announced in the ethereal security advisory
enpa-sa-00003 and has been given the proposed CVE id of CAN-2002-0353.
This issue has been corrected in ethereal version 0.8.0-3potato for
Debian 2.2 (potato).

Additionally, a number of vulnerabilities were discussed in ethereal
security advisory enpa-sa-00004; the version of ethereal in Debian 2.2
(potato) is not vulnerable to the issues raised in this later advisory.
Users of the not-yet-released woody distribution should ensure that they
are running ethereal 0.9.4-1 or a later version.

We recommend you upgrade your ethereal package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

You may use an automated update by adding the resources from the
footer to the proper configurat...

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.