Red Hat Inc. released an update to Ethereal that repairs two buffer overflow vulnerabilities found in the open-source network monitoring software.
The overflows could crash Ethereal on Red Hat Linux 9.
In its alert, Red Hat said it was not known if anyone exploiting these vulnerabilities would be able to remotely execute code.
It is possible to crash Ethereal by injecting a malformed SMB (Server Message Block protocol) packet onto a network, or by tricking a user into reading a malformed packet trace file, Red Hat said.
Users are urged to upgrade to version 0.10.0.
Versions older than 0.10.0 are subject to remote denial-of-service attacks. Malicious SMB packets can trigger a segmentation fault in the SMB dissector as selected packets are processed, Red Hat said.
The other overflow was found in the Q.931 dissector. Sending a malformed packet triggers a null dereference, Red Hat said.