Mandrake Linux Security Advisory : ethereal (MDKSA-2004:002)
Medium Nessus Plugin ID 14102
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionTwo vulnerabilities were discovered in versions of Ethereal prior to 0.10.0 that can be exploited to make Ethereal crash by injecting malformed packets onto the wire or by convincing a user to read a malformed packet trace file. The first vulnerability is in the SMB dissector and the second is in the Q.391 dissector. It is not known whether or not these issues could lead to the execution of arbitrary code.
The updated packages provide Ethereal 0.10.0 which is not vulnerable to these issues.
SolutionUpdate the affected ethereal package.