Ethereal

enpa-sa-00022
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Application Notes | Summary | Details

Summary

Name: Multiple problems in Ethereal versions 0.8.20 to 0.10.13

Docid: enpa-sa-00022

Date: December 27, 2005

Versions affected: 0.8.20 up to and including 0.10.13

Severity: High

Details

Description:

Three security issues have turned up since Ethereal 0.10.13 was released:

Impact:

It may be possible to make Ethereal crash, use up available system resources, or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed trace file.

Resolution:

Upgrade to 0.10.14.

If you are running a version prior to 0.10.14 and you cannot upgrade, you can disable the GTP, IRC, and OSPF protocol dissectors by selecting Analyze->Enabled Protocols... and disabling them in the list.

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.