Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200607-09
HistoryJul 25, 2006 - 12:00 a.m.

Wireshark: Multiple vulnerabilities

2006-07-2500:00:00
Gentoo Foundation
security.gentoo.org
7

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.038 Low

EPSS

Percentile

91.9%

JSON

Background

Wireshark, formerly known as Ethereal, is a popular network protocol analyzer.

Description

Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop.

Impact

Running an affected version of Wireshark or Ethereal could allow for a remote attacker to execute arbitrary code on the user’s computer by sending specially crafted packets.

Workaround

There is no known workaround at this time.

Resolution

All Wireshark users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.2"

All Ethereal users should migrate to Wireshark:

 # emerge --sync
 # emerge --ask --unmerge net-analyzer/ethereal
 # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.2"

To keep the [saved] configuration from Ethereal and reuse it with Wireshark:

 # mv ~/.ethereal ~/.wireshark
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-analyzer/wireshark< 0.99.2UNKNOWN
Gentooanyallnet-analyzer/ethereal<= 0.99.0-r1UNKNOWN

Related

redhat 1
openvas 6
nessus 9
securityvulns 1
centos 2
altlinux 1
debian 1
osv 1
oraclelinux 1
cvelist 6
nvd 6
cve 6
ubuntucve 6
debiancve 6
redhat
redhat
(RHSA-2006:0602) wireshark security update (was ethereal)
2006-08-16 00:00:00
openvas
openvas
SLES9: Security update for ethereal
2009-10-10 00:00:00
SLES9: Security update for ethereal
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200607-09 (wireshark ethereal)
2008-09-24 00:00:00
nessus
nessus
Fedora Core 5 : wireshark-0.99.2-fc5.2 (2006-860)
2007-01-17 00:00:00
RHEL 2.1 / 3 / 4 : wireshark (RHSA-2006:0602)
2006-08-21 00:00:00
openSUSE 10 Security Update : ethereal (ethereal-1932)
2007-10-17 00:00:00
securityvulns
securityvulns
[ MDKSA-2006:128 ] - Updated wireshark packages fix numerous vulnerabilities
2006-07-22 00:00:00
centos
centos
wireshark security update
2006-08-16 23:38:08
wireshark security update
2006-08-16 19:29:57
altlinux
altlinux
Security fix for the ALT Linux 9 package wireshark version 0.99.2-alt1
2006-07-18 00:00:00
debian
debian
[SECURITY] [DSA 1127-1] New ethereal packages fix several vulnerabilities
2006-07-28 05:41:07
osv
osv
ethereal - several
2006-07-28 00:00:00
oraclelinux
oraclelinux
Moderate wireshark security update
2006-12-07 00:00:00
cvelist
cvelist
CVE-2006-3630
2006-07-18 21:00:00
CVE-2006-3629
2006-07-18 21:00:00
CVE-2006-3631
2006-07-18 21:00:00
nvd
nvd
CVE-2006-3631
2006-07-21 14:03:00
CVE-2006-3630
2006-07-21 14:03:00
CVE-2006-3632
2006-07-21 14:03:00
cve
cve
CVE-2006-3629
2006-07-21 14:03:00
CVE-2006-3630
2006-07-21 14:03:00
CVE-2006-3632
2006-07-21 14:03:00
ubuntucve
ubuntucve
CVE-2006-3632
2006-07-21 00:00:00
CVE-2006-3629
2006-07-21 00:00:00
CVE-2006-3630
2006-07-21 00:00:00
debiancve
debiancve
CVE-2006-3631
2006-07-21 14:03:00
CVE-2006-3630
2006-07-21 14:03:00
CVE-2006-3629
2006-07-21 14:03:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.038 Low

EPSS

Percentile

91.9%

JSON
Related for GLSA-200607-09
redhat1openvas6nessus9securityvulns1centos2altlinux1debian1osv1oraclelinux1cvelist6nvd6cve6ubuntucve6debiancve6