MDKSA-2003:051

Package name

ethereal

Date

2003-04-24

Advisory ID

MDKSA-2003:051

Affected versions

9.1 i586 , 9.1 i586

Problem description

A vulnerability was discovered in Ethereal 0.9.9 and earlier that allows a remote attacker to use specially crafted SOCKS packets to cause a denial of service (DoS) and possibly execute arbitrary code. A similar vulnerability also exists in the NTLMSSP code in Ethereal 0.9.9 and earlier, due to a heap-based buffer overflow.

Updated packages

9.1 i586

 b1a6d31b7bae110678b4715e0e83a042  ppc/9.1/RPMS/ethereal-0.9.11-1.1mdk.ppc.rpm
10959548f2d2b3b0b8098669511611bb  ppc/9.1/SRPMS/ethereal-0.9.11-1.1mdk.src.rpm

9.1 i586

 0305a98a99d02249cf4394e0813530ce  9.1/RPMS/ethereal-0.9.11-1.1mdk.i586.rpm
10959548f2d2b3b0b8098669511611bb  9.1/SRPMS/ethereal-0.9.11-1.1mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0081
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0159
• http://www.ethereal.com/appnotes/enpa-sa-00008.html