Debian Security Advisory
ethereal -- remote exploit
- Date Reported:
- 21 Nov 2000
- Affected Packages:
- ethereal
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
- hacksware reported a buffer overflow in the AFS packet parsing code in ethereal. Gerald Combs then found more overflows in the netbios and ntp decoding logic as well. An attacker can exploit those overflows by sending carefully crafted packets to a network that is being monitored by ethereal. This has been fixed in version 0.8.0-2potato and we recommend you upgrade your ethereal package immediately.
- Fixed in:
-
Debian 2.2 (potato)
- Source:
-
http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0-2potato.diff.gz
-
http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0-2potato.dsc
-
http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0.orig.tar.gz
- alpha:
-
http://security.debian.org/dists/stable/updates/main/binary-alpha/ethereal_0.8.0-2potato_alpha.deb
- arm:
-
http://security.debian.org/dists/stable/updates/main/binary-arm/ethereal_0.8.0-2potato_arm.deb
- i386:
-
http://security.debian.org/dists/stable/updates/main/binary-i386/ethereal_0.8.0-2potato_i386.deb
- m68k:
-
http://security.debian.org/dists/stable/updates/main/binary-m68k/ethereal_0.8.0-2potato_m68k.deb
- powerpc:
-
http://security.debian.org/dists/stable/updates/main/binary-powerpc/ethereal_0.8.0-2potato_powerpc.deb
- sparc:
-
http://security.debian.org/dists/stable/updates/main/binary-sparc/ethereal_0.8.0-2potato_sparc.deb