Gentoo Security Advisory GLSA 200412-15 (Ethereal) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200412-15.

Solution

All ethereal users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/ethereal-0.10.8' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200412-15 http://bugs.gentoo.org/show_bug.cgi?id=74443 http://www.ethereal.com/appnotes/enpa-sa-00016.html

Insight

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.

Severity

Classification

CVE CVE-2004-1139, CVE-2004-1140, CVE-2004-1141, CVE-2004-1142

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200501-42 (VDR)
Gentoo Security Advisory GLSA 200404-04 (sysstat)
Gentoo Security Advisory GLSA 200407-12 (Kernel)
Gentoo Security Advisory GLSA 200407-04 (Pure-FTPd)
Gentoo Security Advisory GLSA 200502-11 (mailman)

Take action and discover your vulnerabilities