Red Hat repairs buffer overflows in Ethereal

Two buffer overflow vulnerabilities have been repaired in the open-source network monitoring software Ethereal.

Red Hat Inc. released an update to Ethereal that repairs two buffer overflow vulnerabilities found in the open-source network monitoring software.

The overflows could crash Ethereal on Red Hat Linux 9 running on the i386 architecture. All versions of Ethereal prior to version 0.10.0, which was released Dec. 12, are affected.

In its alert, Red Hat said it was not known if anyone exploiting these vulnerabilities would be able to remotely execute code.

It is possible to crash Ethereal by injecting a malformed SMB (Server Message Block) packet onto a network, or by tricking a user into reading a malformed packet trace file, Red Hat said.

Users are urged to upgrade to version 0.10.0.

Versions older than 0.10.0 are subject to remote denial-of-service attacks. Malicious SMB packets can trigger a segmentation fault in the SMB dissector as selected packets are processed, Red Hat said.

The other overflow was found in the Q.931 dissector. Sending a malformed packet triggers a null dereference, Red Hat said.
