|
|
>> Gentoo Security Update Fixes Ethereal Buffer Overflow Vulnerability
|
Title : Gentoo Security Update Fixes Ethereal Buffer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2005-2894
CVE ID : CVE-2005-3651
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-15
|
Gentoo has released updated packages to address a vulnerability identified in Ethereal. This flaw is due to a buffer overflow error in the "dissect_ospf_v3_address_prefix()" [packet-ospf.c] function of the Open Shortest Path First (OSPF) protocol dissector when converting data into a human readable string, which could be exploited by remote attackers to compromise or crash a vulnerable system. For additional information, see : VUPEN/ADV-2005-2830
Affected Products
net-analyzer/ethereal versions prior to 0.10.13-r2
Solution
Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose " >=net-analyzer/ethereal-0.10.13-r2"
References
http://www.vupen.com/english/advisories/2005/2894
http://www.frsirt.com/english/reference/2459
ChangeLog
2005-12-15 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
