drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberläufe in ethereal
Name: |
Pufferüberläufe in ethereal
|
|
ID: |
|
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Sa, 31. August 2002, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Wireshark |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT --------------------------------------------------------------------
PACKAGE :ethereal SUMMARY :buffer overflow DATE :2002-08-30 07:30 UTC
--------------------------------------------------------------------
OVERVIEW
The ISIS protocol dissector in Ethereal 0.9.5 and earlier versions is susceptible to a buffer overflow.
DETAIL
It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.
The full advisory can be read at http://www.ethereal.com/appnotes/enpa-sa-00006.html
SOLUTION
It is recommended that all Gentoo Linux users who are running net-analyzer/ethereal-0.9.5-r2 and earlier update their systems as follows:
emerge rsync emerge ethereal emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9bytFfT7nyhUpoZMRAoqRAJwMkA4erznbQZLJx0pH1mSEZpMvHQCdHTQq LCL3ZApIaH7V669MrYLaHy8= =RqOb -----END PGP SIGNATURE-----
_______________________________________________ gentoo-security mailing list gentoo-security@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-security
|
|
|
|