Package name
Advisory ID
Affected versions
9.2 i586 , 9.1 i586 , 9.1 i586

Problem description

A number of vulnerabilities were discovered in ethereal that, if exploited, could be used to make ethereal crash or run arbitrary code by injecting malicious malformed packets onto the wire or by convincing someone to read a malformed packet trace file. A buffer overflow allows attackers to cause a DoS (Denial of Service) and possibly execute arbitrary code using a malformed GTP MSISDN string (CAN-2003-0925). Likewise, a DoS can be caused by using malformed ISAKMP or MEGACO packets (CAN-2003-0926). Finally, a heap-based buffer overflow allows attackers to cause a DoS or execute arbitrary code using the SOCKS dissector (CAN-2003-0927). All three vulnerabilities affect all versions of Ethereal up to and including 0.9.15. This update provides 0.9.16 which corrects all of these issues. Also note that each vulnerability can be exploited by a remote attacker.

Updated packages

9.2 i586

 f88623242a1f28900a073c6b205e8f67  9.2/RPMS/ethereal-0.9.16-2.1.92mdk.i586.rpm
3be53a6f83092086aa74d3334e4e1133  9.2/SRPMS/ethereal-0.9.16-2.1.92mdk.src.rpm

9.1 i586

 db5ae031a844f1dea0c9d4329f54c487  ppc/9.1/RPMS/ethereal-0.9.16-2.1.91mdk.ppc.rpm
58ba4528b16ee80cfbbd6ab6a881f6ed  ppc/9.1/SRPMS/ethereal-0.9.16-2.1.91mdk.src.rpm

9.1 i586

 6f7a55137bfe58e52ac26c7a1555117d  9.1/RPMS/ethereal-0.9.16-2.1.91mdk.i586.rpm
58ba4528b16ee80cfbbd6ab6a881f6ed  9.1/SRPMS/ethereal-0.9.16-2.1.91mdk.src.rpm