A NULL pointer dereference flaw was found in the way EtherApe, a graphical network monitor, decoded certain RPC packets. A remote attacker could provide a specially-crafted packet capture file, which once opened by a local unsuspecting user could lead to denial of service (etherape executable crash).
Reproducible: Always
Arches, please test and mark stable: =net-analyzer/etherape-0.9.12 Target KEYWORDS: "amd64 ppc ppc64 sparc x86"
Just pointing out bug 383727, but it is not a blocker. amd64 ok
amd64: pass
x86 stable.
+ 20 Sep 2011; Tony Vroon <chainsaw@gentoo.org> etherape-0.9.12.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & + Elijah "Armageddon" El Lazkani in security bug #383689 filed by Sean Amoss.
sparc stable
ppc/ppc64 stable, last arch done
Thanks, everyone. GLSA Vote: no.
CVE-2011-3369 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3369): The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c.
Vote: NO. Closing noglsa.