-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-10
- - ---------------------------------------------------------------------

PACKAGE           : ethereal
SUMMARY           : arbitrary code execution
DATE              : 2003-03-09 20:12 UTC
EXPLOIT           : remote
VERSIONS AFFECTED : <0.9.10
FIXED VERSION     : >=0.9.10
CVE               :

- - ---------------------------------------------------------------------

- From advisory:
"The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format
string overflow. This vulnerability has been present in Ethereal since
the SOCKS dissector was introduced in version 0.8.7. It was discovered
by Georgi Guninski. Additionally, the NTLMSSP code is susceptible to a
heap overflow. All users of Ethereal 0.9.9 and below are encouraged
to upgrade."

Read the full advisory at:
http://www.ethereal.com/appnotes/enpa-sa-00008.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-analyzer/ethereal upgrade to ethereal-0.9.10 as follows:

    emerge sync
    emerge ethereal
    emerge clean

- - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+a6A1fT7nyhUpoZMRAj6oAJ4wd+WBsHQEgFEuf22fWAueD6zjgACfV1uT
rUKVwwCzAPiovynpwUE5N9c=
=sn9d
-----END PGP SIGNATURE-----
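
Added example (not part of the signed announcement and not Gentoo's own
tooling): a version check for the affected range given above (<0.9.10),
showing why the comparison has to be numeric per component. The function
names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: test whether an ethereal version is in the range the
# advisory lists as affected (<0.9.10). Function names are hypothetical.

FIXED_VERSION="0.9.10"   # from the advisory: FIXED VERSION >=0.9.10

# version_lt A B: succeed when dotted version A is numerically lower than B.
# A Gentoo revision suffix (-rN) is ignored; a missing component counts as 0.
version_lt() {
    _a=${1%%-r*}
    _b=${2%%-r*}
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}
        _y=${_b%%.*}
        if [ "${_x:-0}" -lt "${_y:-0}" ]; then return 0; fi
        if [ "${_x:-0}" -gt "${_y:-0}" ]; then return 1; fi
        # Drop the component just compared from each side.
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    return 1   # equal versions are not "lower than"
}

# naive_lt A B: plain string comparison, shown only as the failure mode.
# As strings "0.9.9" sorts after "0.9.10", so 0.9.9 would be missed.
naive_lt() {
    LC_ALL=C expr "x$1" \< "x$2" >/dev/null
}

ethereal_is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# Constructed sample versions; how the installed version is obtained is
# outside this example.
for v in 0.8.7 0.9.9 0.9.9-r1 0.9.10 0.10.0; do
    if ethereal_is_affected "$v"; then
        echo "ethereal-$v: affected, upgrade to >=$FIXED_VERSION"
    else
        echo "ethereal-$v: not affected"
    fi
done
```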