Rapid7 Vulnerability & Exploit Database

CESA-2004:234: ethereal security update

Back to Search

CESA-2004:234: ethereal security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
08/18/2004
Created
07/25/2018
Added
03/12/2010
Modified
07/04/2017

Description

Updated Ethereal packages that fix various security vulnerabilities are now available.

Ethereal is a program for monitoring network traffic. The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained a buffer overflow flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0507 to this issue. In addition, other flaws in Ethereal prior to 0.10.4 were found that could cause it to crash in response to carefully crafted SIP (CAN-2004-0504), AIM (CAN-2004-0505), or SPNEGO (CAN-2004-0506) packets. Users of Ethereal should upgrade to these updated packages, which contain backported security patches that correct these issues.

Solution(s)

  • centos-upgrade-ethereal
  • centos-upgrade-ethereal-gnome

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;