What Are You Looking For?

Sign Up

- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-10
- ---------------------------------------------------------------------

          PACKAGE : ethereal
          SUMMARY : arbitrary code execution
             DATE : 2003-03-09 20:12 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <0.9.10 : fixed version>=0.9.10
              CVE :

- ---------------------------------------------------------------------

>From advisory:
"The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format
string overflow. This vulnerability has been present in Ethereal since
the SOCKS dissector was introduced in version 0.8.7. It was discovered
by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a
heap overflow. All users of Ethereal 0.9.9 and below are encouraged
to upgrade. "

Read the full advisory at: 


SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/ethereal upgrade to ethereal-0.9.10 as follows:

emerge sync
emerge ethereal
emerge clean

- ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- ---------------------------------------------------------------------

0.9.10

Gentoo: ethereal Arbitrary code execution

The SOCKS dissector in Ethereal 0.9.9 is susceptible to a formatstring overflow

Summary


- ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-10
- ---------------------------------------------------------------------

- ---------------------------------------------------------------------

>From advisory:
"The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format
string overflow. This vulnerability has been present in Ethereal since
the SOCKS dissector was introduced in version 0.8.7. It was discovered
by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a
heap overflow. All users of Ethereal 0.9.9 and below are encouraged
to upgrade. "

Read the full advisory at: 


SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/ethereal upgrade to ethereal-0.9.10 as follows:

emerge sync
emerge ethereal
emerge clean

- ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- ---------------------------------------------------------------------

0.9.10

Resolution

References

Availability

Concerns

Severity
PACKAGE : ethereal
SUMMARY : arbitrary code execution
DATE : 2003-03-09 20:12 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <0.9.10 : fixed version>=0.9.10
CVE :

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

Oct 19, 2023

Mitigations for Critical c-ares DoS, Code Execution Bug Released

Sep 29, 2023

Critical BusyBox Stack Overflow Vuln Fixed

Sep 22, 2023

High-Severity ntfs-3g Buffer Overflow Vulns Fixed

Jun 1, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo