aru Posted July 9, 2004 Report Share Posted July 9, 2004 Mandrakesoft Security Advisories MDKSA-2004:067 : ethereal Updated ethereal packages fix multiple vulnerabilities July 9th, 2004 Three vulnerabilities were discovered in Ethereal versions prior to 0.10.5 in the iSNS, SMB SID, and SNMP dissectors.It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet into the wire or by convincing someone to read a malformed packet trace file. These vulnerabilities have been corrected in Ethereal 0.10.5. The released versions of Mandrake GNU/Linux affected are: 9.2 10.0 Full information about this advisory, including the updated packages, is available at: www.mandrakesoft.com/security/advisories?name=MDKSA-2004:067 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0635 http://www.ethereal.com/appnotes/enpa-sa-00015.html Posted automatically by aru (mdksec2mub v0.0.9) Link to comment Share on other sites More sharing options...
Recommended Posts