Version(s): 0.8.14 to 0.10.10

Description: A variety of vulnerabilities were reported in Ethereal, affecting more than 50 different dissectors. A remote user can cause Ethereal to crash, enter an endless loop, or execute arbitrary code.

A remote user can send a specially crafted packet via a network monitored by Ethereal, or create a specially crafted packet trace file, to trigger one of dozens of vulnerabilities. The flaws include format string, endless loop, null pointer exception, process termination, buffer overflow, and excessive memory allocation vulnerabilities. A remote user can cause the target process to crash, hang, or execute arbitrary code.

The following dissectors are affected: 802.3 Slow, AIM, ANSI A, BER, Bittorrent, CMIP, CMP, CMS, CRMF, DHCP, DICOM, DISTCC, DLSw, EIGRP, ESS, FCELS, Fibre Channel, GSM, GSM MAP, H.245, IAX2, ICEP, ISIS, ISUP, KINK, L2TP, LDAP, LMP, MEGACO, MGCP, MRDISC, NCP, NDPS, NTLMSSP, OCSP, PKIX Qualified, PKIX1Explicit, Presentation, Q.931, RADIUS, RPC, RSVP, SIP, SMB, SMB Mailslot, SMB NETLOGON, SMB PIPE, SRVLOC, TCAP, Telnet, TZSP, WSP, X.509

Bryan Fulton is credited with discovering the ANSI A dissector vulnerability. Ilja van Sprundel is credited with discovering the DISTCC dissector vulnerability. Neil Kettle is credited with discovering the FCELS dissector vulnerability. Ejovi Nuwere is credited with discovering the SIP dissector vulnerability.

Impact: A remote user can cause Ethereal to crash. A remote user can cause Ethereal to enter an endless loop. A remote user can cause Ethereal to execute arbitrary code.

Solution: The vendor has issued a fixed version (0.10.11), available at: http://www.ethereal.com/download.html
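Three of the flaw classes the advisory names (endless loop, buffer over-read/overflow, excessive memory allocation) shown in a toy length-prefixed TLV dissector next to its hardened form. This is an added example, not Ethereal code and not any of the affected dissectors; the wire format, the sample packets, the bounds MAX_VALUE_LEN and MAX_TLVS, and the function names tlv_dissect_unsafe / tlv_dissect_safe are assumptions made for the illustration.

```c
/* Added example, not Ethereal code: a toy TLV dissector exhibiting the
 * flaw classes the advisory names (endless loop, over-read/overflow,
 * excessive allocation) next to a hardened version. The wire format,
 * the sample packets and every identifier are constructed for this. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed format: [tag:1][length:4 big-endian][value], where length
 * counts the whole TLV including the 5-byte header (as RADIUS does). */
#define TLV_HDR_LEN 5u
#define MAX_VALUE_LEN 4096u   /* assumed protocol bound on one value   */
#define MAX_TLVS 256          /* assumed bound on TLVs per packet       */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* UNSAFE: the length field is trusted.
 *  - length 0 never advances off        -> endless loop
 *  - length 1..4 wraps value_len        -> huge memcpy, crash/overflow
 *  - length past the buffer             -> over-read
 *  - length 0xFFFFFFFF                  -> ~4 GiB malloc per TLV
 * Only call it on well-formed input. */
int tlv_dissect_unsafe(const uint8_t *pkt, size_t pkt_len)
{
    size_t off = 0;
    int count = 0;
    while (off < pkt_len) {
        uint32_t len = be32(pkt + off + 1);       /* may already over-read */
        uint32_t value_len = len - TLV_HDR_LEN;   /* wraps when len < 5    */
        uint8_t *value = malloc(value_len);
        if (value != NULL) {
            memcpy(value, pkt + off + TLV_HDR_LEN, value_len);
            free(value);
        }
        count++;
        off += len;                               /* zero makes no progress */
    }
    return count;
}

/* HARDENED: every field is checked against the bytes that remain, the loop
 * always advances by at least the header size, and allocation and iteration
 * are bounded. Returns the TLV count, or -1 for malformed input. */
int tlv_dissect_safe(const uint8_t *pkt, size_t pkt_len)
{
    size_t off = 0;
    int count = 0;
    while (off < pkt_len) {
        if (pkt_len - off < TLV_HDR_LEN) return -1;   /* truncated header     */
        uint32_t len = be32(pkt + off + 1);
        if (len < TLV_HDR_LEN) return -1;             /* would wrap / no progress */
        if (len > pkt_len - off) return -1;           /* runs past the packet */
        uint32_t value_len = len - TLV_HDR_LEN;
        if (value_len > MAX_VALUE_LEN) return -1;     /* bounded allocation   */
        if (++count > MAX_TLVS) return -1;            /* bounded work         */
        uint8_t *value = malloc(value_len ? value_len : 1);
        if (value == NULL) return -1;
        memcpy(value, pkt + off + TLV_HDR_LEN, value_len);
        free(value);
        off += len;                                   /* len >= 5: progress   */
    }
    return count;
}

/* Constructed sample packets. */
static const uint8_t GOOD_PKT[] = {
    0x01, 0x00, 0x00, 0x00, 0x08, 'a', 'b', 'c',   /* tag 1, len 8, "abc"  */
    0x02, 0x00, 0x00, 0x00, 0x05                    /* tag 2, len 5, empty  */
};
static const uint8_t ZERO_LEN_PKT[]  = { 0x01, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t SHORT_LEN_PKT[] = { 0x01, 0x00, 0x00, 0x00, 0x02 };
static const uint8_t OVER_LEN_PKT[]  = { 0x01, 0x00, 0x00, 0x00, 0x64, 'a', 'b', 'c' };
static const uint8_t HUGE_LEN_PKT[]  = { 0x01, 0xff, 0xff, 0xff, 0xff };
static const uint8_t TRUNC_HDR_PKT[] = { 0x01, 0x00, 0x00 };

int main(void)
{
    printf("unsafe, good packet: %d TLVs\n", tlv_dissect_unsafe(GOOD_PKT, sizeof GOOD_PKT));
    printf("safe,   good packet: %d TLVs\n", tlv_dissect_safe(GOOD_PKT, sizeof GOOD_PKT));
    printf("safe,   zero length: %d\n", tlv_dissect_safe(ZERO_LEN_PKT, sizeof ZERO_LEN_PKT));
    printf("safe,   huge length: %d\n", tlv_dissect_safe(HUGE_LEN_PKT, sizeof HUGE_LEN_PKT));
    return 0;
}
```

The unsafe loop is fed only the well-formed packet; each of the other constructed packets would make it hang, over-read or request a multi-gigabyte allocation, which is exactly the crash/hang/resource-exhaustion behaviour the advisory attributes to crafted packets and trace files. The hardened loop rejects every one of them before touching memory, and its progress guarantee (len >= TLV_HDR_LEN) is the check that closes the endless-loop class.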
0.10.11 is already in portage, stable on all but alpha and ia64 right now.
Handling everything on bug #90539 *** This bug has been marked as a duplicate of 90539 ***