Linux Today: Linux News On Internet Time.

More on LinuxToday

Gentoo Linux Advisory: ethereal

Aug 30, 2002, 21:44 (0 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

- - --------------------------------------------------------------------
- - --------------------------------------------------------------------

PACKAGE        :ethereal
SUMMARY        :buffer overflow
DATE           :2002-08-30 07:30 UTC

- - --------------------------------------------------------------------


The ISIS protocol dissector in Ethereal 0.9.5 and earlier versions
is susceptible to a buffer overflow.


It may be possible to make Ethereal crash or hang by injecting a
purposefully malformed packet onto the wire, or by convincing someone
to read a malformed packet trace file. It may be possible to make
Ethereal run arbitrary code by exploiting the buffer and pointer problems.

The full advisory can be read at


It is recommended that all Gentoo Linux users who are running
net-analyzer/ethereal-0.9.5-r2 and earlier update their systems
as follows:

emerge rsync
emerge ethereal
emerge clean

- - -------------------------------------------------------------------- - GnuPG key is available at
- -