[MBT] new ticket for pkg ethereal "Multiple security issues (RHSA-2002:290-07)"
bugs at pld.org.pl
bugs at pld.org.pl
Tue Jan 14 17:49:14 CET 2003
Date: 2003-01-14 17:49:13+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Multiple security issues (RHSA-2002:290-07)
Ticket ID: #533
Ticket URL: http://bugs.pld.org.pl/?bug=533
Package: ethereal-0.9.6-1
Distribution: PLD-Ra.main
Category: security problem
Current state: opened
Text:
Citing from above security announcement:
Multiple integer signedness errors in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages. This problem was discovered by Silvio Cesare. CAN-2002-1355
Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the LMP, PPP, or TDS dissectors. CAN-2002-1356
Users of Ethereal should update to the erratum packages containing Ethereal version 0.9.8 which is not vulnerable to these issues.
More information about the pld-bugs
mailing list