Nessus Plugin #17318
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
[GLSA-200503-16] Ethereal: Multiple vulnerabilities
- Family: Gentoo Local Security Checks
- Category: infos
- Copyright: (C) 2005 Michel Arboi
- Summary: Ethereal: Multiple vulnerabilities
- Version: $Revision: 1.1 $
- Cve_id: CAN-2005-0699, CAN-2005-0704, CAN-2005-0705
- Bugtraq_id: -
- Xrefs: GLSA:200503-16
- Description:
The remote host is affected by the vulnerability described in GLSA-200503-16 (Ethereal: Multiple vulnerabilities).
There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.10, including:
  - The Etheric and 3GPP2 A11 dissectors are vulnerable to buffer overflows (CAN-2005-0704 and CAN-2005-0699).
  - The GPRS-LLC could crash when the "ignore cipher bit" option is enabled (CAN-2005-0705).
  - Various vulnerabilities in the IAPP, JXTA, and sFlow dissectors.
Impact
An attacker might be able to use these vulnerabilities to crash Ethereal and execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.
Workaround
For a temporary workaround you can disable all affected protocol dissectors. However, it is strongly recommended that you upgrade to the latest stable version.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0705
http://www.ethereal.com/appnotes/enpa-sa-00018.html
Solution:
All Ethereal users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.10"
Risk factor : High
Generated on 27.04.2005 at 18:49:54.