aru Posted June 24, 2003 Report Share Posted June 24, 2003 MandrakeSoft Security Advisory MDKSA-2003:070 : ethereal June 23rd, 2003 Updated ethereal packages fix multiple vulnerabilities A number of string handling bugs were found in the packet dissectors in ethereal that can be exploited using specially crafted packets to cause ethereal to consume excessive amounts of memory, crash, or even execute arbitray code. These vulnerabilities have been fixed upsteam in ethereal 0.9.13 and all users are encouraged to upgrade. The released versions of Mandrake GNU/Linux affected are: 9.1 [*] 9.1/PPC Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:070 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0428 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0429 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0431 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0432 http://www.ethereal.com/appnotes/enpa-sa-00010.html Posted automatically by aru (mdksec2mub v0.0.6) Link to comment Share on other sites More sharing options...
Recommended Posts