GLSA-200406-01 : Ethereal: Multiple security problems

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200406-01
(Ethereal: Multiple security problems)

There are multiple vulnerabilities in versions of Ethereal earlier than
0.10.4, including:
  - A buffer overflow in the MMSE dissector.
  - Under specific conditions a SIP packet could make Ethereal
  - The AIM dissector could throw an assertion, causing Ethereal to
  - The SPNEGO dissector could dereference a NULL pointer, causing a

Impact :

An attacker could use these vulnerabilities to crash Ethereal or even
execute arbitrary code with the permissions of the user running
Ethereal, which could be the root user.

Workaround :

For a temporary workaround you can disable all affected protocol
dissectors by selecting Analyze->Enabled Protocols... and deselecting
them from the list. However, it is strongly recommended to upgrade to
the latest stable release.

Solution :

All Ethereal users should upgrade to the latest stable version:
# emerge sync
# emerge -pv '>=net-analyzer/ethereal-0.10.4'
# emerge '>=net-analyzer/ethereal-0.10.4'

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14512 (gentoo_GLSA-200406-01.nasl)

CVE ID: CVE-2004-0504