Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-1932 CVE-2006-1933 CVE-2006-1934 CVE-2006-1935 CVE-2006-1936 CVE-2006-1937 CVE-2006-1938 CVE-2006-1939 CVE-2006-1940
BugTraq ID     : 17682
Gerald Combs reported several vulnerabilities in ethereal, a popular network traffic analyser. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2006-1932
The OID printing routine is susceptible to an off-by-one error.
CVE-2006-1933
The UMA and BER dissectors could go into an infinite loop.
CVE-2006-1934
The Network Instruments file code could overrun a buffer.
CVE-2006-1935
The COPS dissector contains a potential buffer overflow.
CVE-2006-1936
The telnet dissector contains a buffer overflow.
CVE-2006-1937
Bugs in the SRVLOC and AIM dissectors, and in the statistics
counter, could crash ethereal.
CVE-2006-1938
Null pointer dereferences in the SMB PIPE dissector and when
reading a malformed Sniffer capture could crash ethereal.
CVE-2006-1939
Null pointer dereferences in the ASN.1, GSM SMS, RPC and
ASN.1-based dissectors, and an invalid display filter, could crash
ethereal.
CVE-2006-1940
The SNDCP dissector could cause an unintended abort.
0.9.4-1woody15
0.10.10-2sarge5