Ethereal

enpa-sa-00011
Google
 
Web Ethereal.com

Home | Introduction | Download | Documentation | Lists | FAQ | Development | Wiki | Bugs

Application Notes | Summary | Details

Summary

Name: Security problems in Ethereal 0.9.15

Docid: enpa-sa-00011

Date: November 3, 2003

Versions affected: 0.8.7 up to and including 0.9.15

Severity: High

Details

Description:

Potential security issues have been discovered in the following protocol dissectors:

Impact:

It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file.

Resolution:

Upgrade to 0.9.16.

If you are running a version prior to 0.9.16 and you cannot upgrade, you can disable the GTP, ISAKMP, MEGACO, and SOCKS protocol dissectors by selecting Edit->Protocols... and deselecting them from the list.

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com .
Last modified: Thu, September 15 2005.