Title : Debian Security Update Fixes Ethereal Buffer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2005-2866
CVE ID : CVE-2005-3651
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-13
Technical Description
Debian has released updated packages to address a vulnerability identified in Ethereal. The flaw is a buffer overflow in the "dissect_ospf_v3_address_prefix()" function [packet-ospf.c] of the Open Shortest Path First (OSPF) protocol dissector, triggered when converting data into a human-readable string. Remote attackers could exploit it to compromise or crash a vulnerable system. For additional information, see: VUPEN/ADV-2005-2830
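The bug class described above, as an added illustration that is not Ethereal's code and not part of the original advisory: a formatter that validates a sender-controlled prefix length and bounds every write when turning packet bytes into text. The function name, the output format and the 128-bit limit (the width of an IPv6 address, which OSPFv3 prefixes describe) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PREFIX_BITS 128u  /* assumption: IPv6 address width */

/* Format a packet-supplied address prefix as "xx:xx:.../bits" into out.
 * Constructed illustration of the bug class, not the dissector's code.
 * Returns the string length, or -1 if the field is malformed or does not fit. */
int format_prefix(const uint8_t *pkt, size_t pkt_len, unsigned prefix_bits,
                  char *out, size_t out_len)
{
    size_t nbytes, i, used = 0;
    int n;

    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    /* 1. Reject a length field the protocol cannot legitimately carry. */
    if (pkt == NULL || prefix_bits > MAX_PREFIX_BITS)
        return -1;
    /* OSPFv3 encodes the prefix padded to a multiple of 32 bits. */
    nbytes = ((prefix_bits + 31u) / 32u) * 4u;
    /* 2. Never read past the captured data. */
    if (nbytes > pkt_len)
        return -1;
    /* 3. Bound every write by the space that is actually left. */
    for (i = 0; i < nbytes; i++) {
        n = snprintf(out + used, out_len - used, "%s%02x", i ? ":" : "", (unsigned)pkt[i]);
        if (n < 0 || (size_t)n >= out_len - used) { out[0] = '\0'; return -1; }
        used += (size_t)n;
    }
    n = snprintf(out + used, out_len - used, "/%u", prefix_bits);
    if (n < 0 || (size_t)n >= out_len - used) { out[0] = '\0'; return -1; }
    return (int)(used + (size_t)n);
}

int main(void)
{
    /* Constructed sample: 2001:db8::/48 padded to 8 bytes. */
    const uint8_t pkt[8] = { 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0 };
    char buf[64];
    int n = format_prefix(pkt, sizeof pkt, 48, buf, sizeof buf);
    printf("%d %zu %s\n", n, strlen(buf), buf);
    printf("%d\n", format_prefix(pkt, sizeof pkt, 255, buf, sizeof buf));
    return 0;
}
```

An unbounded `sprintf` loop over the same field would write as many bytes as the length field claims, regardless of the destination size.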
Debian GNU/Linux old-stable (woody) - Upgrade to version 0.9.4-1woody14
Debian GNU/Linux stable (sarge) - Upgrade to version 0.10.10-2sarge3
Debian GNU/Linux unstable (sid) - A fix will be available soon