From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:040 - ethereal
Date: Tue, 3 Sep 2002 11:20:54 +0100 (BST)
=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: ethereal
Summary: Buffer overflow allows remote DoS in ISIS dissector
Date: 2002-09-03
ID: ERISA-2002:040
=========================================================================
Problem description:

A buffer overflow in Ethereal versions prior to 0.9.6 allows remote
attackers to cause a denial of service condition or execute arbitrary
code via the ISIS dissector.

Buffer overflows in Ethereal versions prior to 0.9.5 allow remote attackers
to cause a denial of service condition or execute arbitrary code via
(1) the BGP dissector, or (2) the WCP dissector.

Faults in Ethereal versions prior to 0.9.5 allow remote attackers to
cause a denial of service condition and possibly execute arbitrary code
via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can
be caused to core dump.

This advisory supersedes ERISA-2002:023, and the old packages have been
removed from the FTP server.
-------------------------------------------------------------------------
Updated packages:
b18f19d1e77f62b7791d8c72cd874500 ethereal-0.9.6-1.src.rpm
246c33bf63725514199e2d5281e1918c ethereal-base-0.9.6-1.i386.rpm
fedfc5a781c9f1f5898190b6ad662a5f ethereal-gnome-0.9.6-1.i386.rpm
dcee7e073c144e2e4991474836b32dab ethereal-gtk+-0.9.6-1.i386.rpm
6edce15a38ff1213c2f6fe629f0602a6 ethereal-kde-0.9.6-1.i386.rpm
745e018ca216425d92eedc95cfd544aa ethereal-usermode-0.9.6-1.i386.rpm
-------------------------------------------------------------------------
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0822
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.