5.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:N/I:N/A:C
0.02 Low
EPSS
Percentile
89.0%
CentOS Errata and Security Advisory CESA-2006:0658-01
Wireshark is a program for monitoring network traffic.
Bugs were found in Wireshark’s SCSI and SSCOP protocol dissectors. Ethereal
could crash or stop responding if it read a malformed packet off the
network. (CVE-2006-4330, CVE-2006-4333)
An off-by-one bug was found in the IPsec ESP decryption preference parser.
Ethereal could crash or stop responding if it read a malformed packet off
the network. (CVE-2006-4331)
Users of Wireshark or Ethereal should upgrade to these updated packages
containing Wireshark version 0.99.3, which is not vulnerable to these
issues. These packages also fix a bug in the PAM configuration of the
Wireshark packages which prevented non-root users starting a capture.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-September/075390.html
Affected packages:
wireshark
wireshark-gnome
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | wireshark | < 0.99.3-AS21.4 | wireshark-0.99.3-AS21.4.i386.rpm |
CentOS | 2 | i386 | wireshark-gnome | < 0.99.3-AS21.4 | wireshark-gnome-0.99.3-AS21.4.i386.rpm |