10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.038 Low
EPSS
Percentile
91.9%
CentOS Errata and Security Advisory CESA-2006:0602-01
Ethereal is a program for monitoring network traffic.
In May 2006, Ethereal changed its name to Wireshark. This update
deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and 4
in favor of the supported Wireshark packages.
Several denial of service bugs were found in Ethereal’s protocol
dissectors. It was possible for Ethereal to crash or stop responding if it
read a malformed packet off the network. (CVE-2006-3627, CVE-2006-3629,
CVE-2006-3631)
Several buffer overflow bugs were found in Ethereal’s ANSI MAP, NCP NMAS,
and NDPStelnet dissectors. It was possible for Ethereal to crash or execute
arbitrary code if it read a malformed packet off the network.
(CVE-2006-3630, CVE-2006-3632)
Several format string bugs were found in Ethereal’s Checkpoint FW-1, MQ,
XML, and NTP dissectors. It was possible for Ethereal to crash or execute
arbitrary code if it read a malformed packet off the network. (CVE-2006-3628)
Users of Ethereal should upgrade to these updated packages containing
Wireshark version 0.99.2, which is not vulnerable to these issues
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-August/075301.html
Affected packages:
wireshark
wireshark-gnome
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | wireshark | < 0.99.2-AS21.1 | wireshark-0.99.2-AS21.1.i386.rpm |
CentOS | 2 | i386 | wireshark-gnome | < 0.99.2-AS21.1 | wireshark-gnome-0.99.2-AS21.1.i386.rpm |