Red Hat Inc. released an update to Ethereal that repairs two buffer overflow vulnerabilities found in the open-source network monitoring software.
The overflows could crash Ethereal on Red Hat Linux 9 running on the i386 architecture. All versions of Ethereal prior to version 0.10.0, which was released Dec. 12, are affected.
In its alert, Red Hat said it was not known if anyone exploiting these vulnerabilities would be able to remotely execute code.
It is possible to crash Ethereal by injecting a malformed SMB (Server Message Block protocol) packet onto a network, or by tricking a user into reading a malformed packet trace file, Red Hat said.
Users are urged to upgrade to version 0.10.0.
Versions older than 0.10.0 are subject to remote denial-of-service attacks. Malicious SMB packets can trigger a segmentation fault in the SMB dissector as selected packets are processed, Red Hat said.
The other overflow was found in the Q.931 dissector. Sending a malformed packet triggers a null dereference, Red Hat said.