[Full-Disclosure] GLSA: ethereal (200303-10)

From: Daniel Ahlberg (aliz@gentoo.org)
Date: 03/09/03

    From: Daniel Ahlberg <aliz@gentoo.org>
    To: full-disclosure@lists.netsys.com
    Date: Sun, 9 Mar 2003 21:12:46 +0100
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - - ---------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200303-10
    - - ---------------------------------------------------------------------

              PACKAGE : ethereal
              SUMMARY : arbitrary code execution
                 DATE : 2003-03-09 20:12 UTC
              EXPLOIT : remote
    VERSIONS AFFECTED : <0.9.10
        FIXED VERSION : >=0.9.10
                  CVE :

    - - ---------------------------------------------------------------------

    - From advisory:
    "The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format
    string overflow. This vulnerability has been present in Ethereal since
    the SOCKS dissector was introduced in version 0.8.7. It was discovered
    by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a
    heap overflow. All users of Ethereal 0.9.9 and below are encouraged
    to upgrade. "

    Read the full advisory at:
    http://www.ethereal.com/appnotes/enpa-sa-00008.html

    SOLUTION

    It is recommended that all Gentoo Linux users who are running
    net-analyzer/ethereal upgrade to ethereal-0.9.10 as follows:

    emerge sync
    emerge ethereal
    emerge clean

    - - ---------------------------------------------------------------------
    aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
    - - ---------------------------------------------------------------------
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iD8DBQE+a6A1fT7nyhUpoZMRAj6oAJ4wd+WBsHQEgFEuf22fWAueD6zjgACfV1uT
    rUKVwwCzAPiovynpwUE5N9c=
    =sn9d
    -----END PGP SIGNATURE-----
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

