FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ethereal -- multiple protocol dissectors vulnerabilities

Affected packages
0.8.5 <= ethereal < 0.10.12
0.8.5 <= ethereal-lite < 0.10.12
0.8.5 <= tethereal < 0.10.12
0.8.5 <= tethereal-lite < 0.10.12

Details

VuXML ID 5d51d245-00ca-11da-bc08-0001020eed82
Discovery 2005-07-26
Entry 2005-07-30

An Ethreal Security Advisories reports:

Our testing program has turned up several more security issues:

Steve Grubb at Red Hat found the following issues:

iDEFENSE found the following issues:

Impact:

It may be possible to make Ethereal crash, use up available memory, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

References

URL http://www.ethereal.com/appnotes/enpa-sa-00020.html