ðòïåëôù 

  áòèé÷ 

Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 

  ðåòóïîáìøîïå 

  ðòïçòáííù 

ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA19769] Ethereal Multiple Protocol Dissector Vulnerabilities

> 
> 
> TITLE:
> Ethereal Multiple Protocol Dissector Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA19769
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/19769/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> DoS, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Ethereal 0.x
> http://secunia.com/product/1228/
> 
> DESCRIPTION:
> Multiple vulnerabilities have been reported in Ethereal, which can be
> exploited by malicious people to cause a DoS (Denial of Service) or
> compromise a vulnerable system.
> 
> The vulnerabilities are caused due to various types of errors
> including boundary errors, an off-by-one error, an infinite loop
> error, and several unspecified errors in a multitude of protocol
> dissectors.
> 
> Successful exploitation causes Ethereal to stop responding, consume a
> large amount of system resources, crash, or execute arbitrary code.
> 
> The vulnerabilities affect versions 0.8.5 through 0.10.14.
> 
> SOLUTION:
> Upgrade to version 0.99.0
> http://www.ethereal.com/download.html
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Coverity.
> 
> ORIGINAL ADVISORY:
> http://www.ethereal.com/docs/release-notes/ethereal-0.99.0.html
> http://www.ethereal.com/appnotes/enpa-sa-00023.html
>

 



Copyright © Lexa Software, 1996-2009.