Gentoo: 200306-13 Critical: Ethereal Arbitrary Code Execution Threat

gentoo

June 27, 2003

It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trac...

Summary


GENTOO LINUX SECURITY ANNOUNCEMENT 200306-13


from advisory: 
"It may be possible to make Ethereal crash or run arbitrary code by 
injecting a purposefully malformed packet onto the wire, or by convincing 
someone to read a malformed packet trace file."

Read the full advisory at 


SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/ethereal upgrade to ethereal as follows

emerge sync
emerge ethereal
emerge clean

aliz@gentoo.org - GnuPG key is available at

Topics Covered

security advisory gentoo remote exploit arbitrary code execution ethereal

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity

critical

Lowest

Low

Medium

High

Critical

PACKAGE : ethereal

SUMMARY : arbitrary code execution

DATE : 2003-06-25 22:36 UTC

EXPLOIT : remote

VERSIONS AFFECTED : =ethereal-0.9.13

CVE : CAN-2003-0432

Topics Covered

security advisory gentoo remote exploit arbitrary code execution ethereal

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks