Gentoo Security Advisory GLSA 200501-27 (ethereal) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200501-27.

Solution

All Ethereal users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/ethereal-0.10.9' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-27 http://bugs.gentoo.org/show_bug.cgi?id=78559 http://www.ethereal.com/news/item_20050120_01.html

Insight

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.

Severity

Classification

CVE CVE-2005-0006, CVE-2005-0007, CVE-2005-0008, CVE-2005-0009, CVE-2005-0010, CVE-2005-0084

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200311-06 (glibc)
Gentoo Security Advisory GLSA 200404-19 (lcdproc)
Gentoo Security Advisory GLSA 200404-15 (xchat)
Gentoo Security Advisory GLSA 200406-17 (IPsec-Tools)
Gentoo Security Advisory GLSA 200405-24 (mplayer)

Take action and discover your vulnerabilities