Gentoo Security Advisory GLSA 200607-09 (wireshark Ethereal) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200607-09.

Solution

All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-0.99.2' All Ethereal users should migrate to Wireshark: # emerge --sync # emerge --ask --unmerge net-analyzer/ethereal # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-0.99.2' To keep the [saved] configuration from Ethereal and reuse it with Wireshark: # mv ~/.ethereal ~/.wireshark http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200607-09 http://bugs.gentoo.org/show_bug.cgi?id=140856 http://www.wireshark.org/security/wnpa-sec-2006-01.html

Insight

Wireshark (formerly known as Ethereal) is vulnerable to several security issues, potentially allowing the execution of arbitrary code by a remote attacker.

Severity

Classification

CVE CVE-2006-3627, CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200607-09 (wireshark ethereal)

Take action and discover your vulnerabilities