Skip to main content

Red Hat repairs buffer overflows in Ethereal

posted onJanuary 9, 2004
by hitbsecnews

Red Hat Inc. released an update to Ethereal that repairs two buffer overflow vulnerabilities found in the open-source network monitoring software.

The overflows could crash Ethereal on Red Hat Linux 9 running on the i386 architecture. All versions of Ethereal prior to version 0.10.0, which was released Dec. 12, are affected.

In its alert, Red Hat said it was not known if anyone exploiting these vulnerabilities would be able to remotely execute code.

It is possible to crash Ethereal by injecting a malformed SMB (server message block protocol) packet onto a network, or tricking a user into reading a malformed packet trace file, Red Hat said.

Users are urged to upgrade to version 0.10.0.

Versions older than 0.10.0 are subject to remote denial-of-service attacks. Malicious SMB packets can trigger a segmentation fault in the SMB dissector as selected packets are processed, Red Hat said.

Source

Tags

Red Hat

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th