Ethereal is a program for monitoring network traffic.
The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained a
buffer overflow flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash or
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0507 to this issue.
In addition, other flaws in Ethereal prior to 0.10.4 were found that could
cause it to crash in response to carefully crafted SIP (CAN-2004-0504), AIM
(CAN-2004-0505), or SPNEGO (CAN-2004-0506) packets.
Users of Ethereal should upgrade to these updated packages, which contain
backported security patches that correct these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc | ethereal-gnome | < 0.10.3-0.30E.2 | ethereal-gnome-0.10.3-0.30E.2.ppc.rpm |
RedHat | any | ia64 | ethereal | < 0.10.3-0.AS21.3 | ethereal-0.10.3-0.AS21.3.ia64.rpm |
RedHat | any | i386 | ethereal | < 0.10.3-0.30E.2 | ethereal-0.10.3-0.30E.2.i386.rpm |
RedHat | any | s390x | ethereal | < 0.10.3-0.30E.2 | ethereal-0.10.3-0.30E.2.s390x.rpm |
RedHat | any | ppc | ethereal | < 0.10.3-0.30E.2 | ethereal-0.10.3-0.30E.2.ppc.rpm |
RedHat | any | i386 | ethereal | < 0.10.3-0.AS21.3 | ethereal-0.10.3-0.AS21.3.i386.rpm |
RedHat | any | ia64 | ethereal | < 0.10.3-0.30E.2 | ethereal-0.10.3-0.30E.2.ia64.rpm |
RedHat | any | s390 | ethereal | < 0.10.3-0.30E.2 | ethereal-0.10.3-0.30E.2.s390.rpm |
RedHat | any | x86_64 | ethereal-gnome | < 0.10.3-0.30E.2 | ethereal-gnome-0.10.3-0.30E.2.x86_64.rpm |
RedHat | any | s390 | ethereal-gnome | < 0.10.3-0.30E.2 | ethereal-gnome-0.10.3-0.30E.2.s390.rpm |