Summary
The remote host is missing updates announced in
advisory GLSA 200607-09.
Solution
All Wireshark users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-0.99.2'
All Ethereal users should migrate to Wireshark:
# emerge --sync
# emerge --ask --unmerge net-analyzer/ethereal
# emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-0.99.2'
To keep the [saved] configuration from Ethereal and reuse it with Wireshark:
# mv ~/.ethereal ~/.wireshark
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200607-09 http://bugs.gentoo.org/show_bug.cgi?id=140856
http://www.wireshark.org/security/wnpa-sec-2006-01.html
Insight
Wireshark (formerly known as Ethereal) is vulnerable to several security issues, potentially allowing the execution of arbitrary code by a remote attacker.
Severity
Classification
-
CVE CVE-2006-3627, CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities