Updated ethereal packages are now available which fix a format string bug and a heap-based buffer overflow.
Ethereal is a package designed for monitoring network traffic on your system. Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via carefully crafted SOCKS packets. Red Hat would like to thank Georgi Guninski for reporting this issue. Additionally, a heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. Users of Ethereal should update to the erratum packages containing Ethereal version 0.9.11 which are not vulnerable to these issues.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center