Debian Security Advisory

DSA-1201-1 ethereal -- several vulnerabilities

Date Reported:
31 Oct 2006
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 396258.
In Mitre's CVE dictionary: CVE-2006-4574, CVE-2006-4805.
More information:

Several remote vulnerabilities have been discovered in the Ethereal network scanner. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2005-4574

    It was discovered that the MIME multipart dissector is vulnerable to denial of service caused by an off-by-one overflow.

  • CVE-2006-4805

    It was discovered that the XOT dissector is vulnerable to denial of service caused by memory corruption.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge9. Due to technical problems with the security buildd infrastructure this update lacks builds for the hppa and sparc architecture. They will be released as soon as the problems are resolved.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your ethereal packages.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:

MD5 checksums of the listed files are available in the original advisory.