This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200406-01
(Ethereal: Multiple security problems)
There are multiple vulnerabilities in versions of Ethereal earlier than
A buffer overflow in the MMSE dissector.
Under specific conditions a SIP packet could make Ethereal
The AIM dissector could throw an assertion, causing Ethereal to
The SPNEGO dissector could dereference a NULL pointer, causing a
An attacker could use these vulnerabilities to crash Ethereal or even
execute arbitrary code with the permissions of the user running
Ethereal, which could be the root user.
For a temporary workaround you can disable all affected protocol
dissectors by selecting Analyze->Enabled Protocols... and deselecting
them from the list. However, it is strongly recommended to upgrade to
the latest stable release.
See also :
All Ethereal users should upgrade to the latest stable version:
# emerge sync
# emerge -pv '>=net-analyzer/ethereal-0.10.4'
# emerge '>=net-analyzer/ethereal-0.10.4'
Risk factor :
Critical / CVSS Base Score : 10.0