Debian Security Advisory DSA 258-1 (ethereal) Network Vulnerability

Summary

The remote host is missing an update to ethereal announced via advisory DSA 258-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20258-1

Insight

Georgi Guninski discovered a problem in ethereal, a network traffic analyzer. The program contains a format string vulnerability that could probably lead to execution of arbitrary code. For the stable distribution (woody) this problem has been fixed in version 0.9.4-1woody3. For the old stable distribution (potato) does not seem to be affected by this problem. For the unstable distribution (sid) this problem has been fixed in version 0.9.9-2. We recommend that you upgrade your ethereal packages.

Severity

Classification

CVE CVE-2003-0081

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 029-1 (proftpd)
Debian Security Advisory DSA 071-1 (fetchmail)
Debian Security Advisory DSA 1011-1 (kernel-patch-vserver, util-vserver)
Debian Security Advisory DSA 030-1 (xfree86-1)
Debian Security Advisory DSA 026-1 (bind)

Take action and discover your vulnerabilities