Ethereal: security problems in ethereal 0.9.15

Ethereal: security problems in ethereal 0.9.15 Ethereal is vulnerable to heap and buffer overflows in the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors. Ethereal 2003-11-22 2003-11-22 32691 remote 0.9.16 0.9.16

Ethereal is a popular network protocol analyzer.

Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS protocol dissector, which could cause Ethereal to crash or to execute arbitrary code.

A remote attacker could craft a malformed packet which would cause Ethereal to crash or run arbitrary code with the permissions of the user running Ethereal.

There is no known workaround at this time, other than to disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors.

It is recommended that all Gentoo Linux users who are running net-analyzer/ethereal 0.9.x upgrade:


    # emerge sync
    # emerge -pv '>=net-analyzer/ethereal-0.9.16'
    # emerge '>=net-analyzer/ethereal-0.9.16'
    # emerge clean

Ethereal Security Advisory