Login


 
Newsletter
Werbung
Sicherheit: Mehrere Probleme in ethereal
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in ethereal
ID: 200306-13
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Do, 26. Juni 2003, 13:00
Referenzen: Keine Angabe

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-13
--------------------------------------------------------------------

          PACKAGE : ethereal
          SUMMARY : arbitrary code execution
             DATE : 2003-06-25 22:36 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <ethereal-0.9.13
    FIXED VERSION : >=ethereal-0.9.13
              CVE : CAN-2003-0432

--------------------------------------------------------------------

from advisory:
"It may be possible to make Ethereal crash or run arbitrary code by
injecting a purposefully malformed packet onto the wire, or by convincing
someone to read a malformed packet trace file."

Read the full advisory at
http://www.ethereal.com/appnotes/enpa-sa-00010.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/ethereal upgrade to ethereal as follows

emerge sync
emerge ethereal
emerge clean

--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE++iPvfT7nyhUpoZMRAvKBAKC3lQKGHRq0fGTEdpFcoP3JJcxjrgCdEbQ9
sUBm1GkCmTqjoIrZFHzJS3s=
=5vaU
-----END PGP SIGNATURE-----
Pro-Linux
Frohe Ostern
Neue Nachrichten
Werbung