Gentoo Security Advisory GLSA 200501-27 (ethereal) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200501-27.

Solution

All Ethereal users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/ethereal-0.10.9' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200501-27 http://bugs.gentoo.org/show_bug.cgi?id=78559 http://www.ethereal.com/news/item_20050120_01.html

Insight

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.

Severity

Classification

CVE CVE-2005-0006, CVE-2005-0007, CVE-2005-0008, CVE-2005-0009, CVE-2005-0010, CVE-2005-0084
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200409-05 (Gallery)
Gentoo Security Advisory GLSA 200407-02 (Kernel)
Gentoo Security Advisory GLSA 200407-14 (Unreal Tournament)
Gentoo Security Advisory GLSA 200312-03 (rsync)
Gentoo Security Advisory GLSA 200404-03 (tcpdump)

Take action and discover your vulnerabilities