GLSA-200507-27 : Ethereal: Multiple vulnerabilities
High Nessus Plugin ID 19329
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200507-27 (Ethereal: Multiple vulnerabilities)
There are numerous vulnerabilities in versions of Ethereal prior to 0.10.12, including:
The SMB dissector could overflow a buffer or exhaust memory (CAN-2005-2365).
iDEFENSE discovered that several dissectors are vulnerable to format string overflows (CAN-2005-2367).
Additionally, multiple potential crashes in many dissectors have been fixed; see References for further details.
An attacker might be able to use these vulnerabilities to crash Ethereal or execute arbitrary code with the permissions of the user running Ethereal, which could be the root user.
There is no known workaround at this time.
Solution
All Ethereal users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-analyzer/ethereal-0.10.12'