Red Hat repairs buffer overflows in Ethereal

Michael S. Mimoso, Editorial Director

Red Hat Inc. released an update to Ethereal that repairs two buffer overflow vulnerabilities found in the open-source network monitoring software.

The overflows could crash Ethereal on Red Hat Linux 9 running on the i386 architecture. All versions of Ethereal prior to version 0.10.0, which was released Dec. 12, are affected.

In its alert, Red Hat said it was not known if anyone exploiting these vulnerabilities would be able to remotely execute code.

It is possible to crash Ethereal by injecting a malformed SMB (server message block protocol) packet onto a network, or tricking a user into reading a malformed packet trace file, Red Hat said.

Users are urged to upgrade to version 0.10.0.

Versions older than 0.10.0 are subject to remote denial-of-service attacks. Malicious SMB packets can trigger a segmentation fault in the SMB dissector as selected packets are processed, Red Hat said.

The other overflow was found in the Q.931 dissector. Sending a malformed packet triggers a null dereference, Red Hat said.
