Description: | Ethereal is a program for monitoring network traffic.
A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws.
A flaw in the DICOM dissector could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1139 to this issue.
An invalid RTP timestamp could hang Ethereal and create a large temporary file, possibly filling available disk space. (CAN-2004-1140)
The HTTP dissector could access previously-freed memory, causing a crash. (CAN-2004-1141)
An improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)
The COPS dissector could go into an infinite loop. (CAN-2005-0006)
The DLSw dissector could trigger an assertion failure, making Ethereal exit prematurely. (CAN-2005-0007)
The DNP dissector could cause memory corruption. (CAN-2005-0008)
The Gnutella dissector could trigger an assertion failure, making Ethereal exit prematurely. (CAN-2005-0009)
The MMSE dissector could free static memory, causing a crash. (CAN-2005-0010)
The X11 protocol dissector is vulnerable to a string buffer overflow. (CAN-2005-0084)
Users of Ethereal should upgrade to these updated packages, which contain version 0.10.9, which is not vulnerable to these issues.
|