CERTA-2005-AVI-022

Vulnerability from certfr_avis - Published: 2005-01-24 - Updated: 2005-02-17


Description

Ethereal is a network sniffer. It analyzes data captured from the network or read from a file.
Several vulnerabilities have been discovered in Ethereal that allow a malicious user to cause a denial of service or to execute arbitrary code remotely on the platform running an unpatched version of Ethereal.

Solution

Update Ethereal to version 0.10.9, which fixes these vulnerabilities (see the Documentation section).

Ethereal versions 0.8.10 through 0.10.8 inclusive.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eEthereal versions 0.8.10 \u00e0 0.10.8  incluse.\u003c/p\u003e",
  "content": "## Description\n\nEthereal est un renifleur r\u00e9seau. Il permet l\u0027analyse de donn\u00e9es depuis\nle r\u00e9seau ou \u00e0 partir d\u0027un fichier.  \nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ethereal permettant \u00e0\nun utilisateur mal intentionn\u00e9 de r\u00e9aliser un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur la plate-forme ex\u00e9cutant\nune version non corrig\u00e9e d\u0027Ethereal.\n\n## Solution\n\nMettre \u00e0 jour Ethereal avec la version 0.10.9 corrigeant ces\nvuln\u00e9rabilit\u00e9s (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2005-01-24T00:00:00",
  "last_revision_date": "2005-02-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005:037 du 15 f\u00e9vrier    2005 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2005-037.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-653 du 21 janvier 2005 :",
      "url": "http://www.debian.org/security/2005/dsa-653"
    },
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 du paquetage NetBSD ethereal :",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/net/ethereal/README.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ENPA-SA-00017 de Ethereal :",
      "url": "http://www.ethereal.com/appnotes/enpa-sa-00017.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD pour ethereal, ethereal-lite,    tethereal et tethereal-lite du 08 f\u00e9vrier 2005 :",
      "url": "http://www.vuxml.org/freebsd/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2005:013 du 24 janvier    2005 :",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:013"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200501-27 du 20 janvier    2005 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SGI 20050202-01-U du 09 f\u00e9vrier 2005 :",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20050202-01-U.asc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005:011 du 02 f\u00e9vrier    2005 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2005-011.html"
    },
    {
      "title": "Site Internet de Ethereal :",
      "url": "http://www.ethereal.com"
    }
  ],
  "reference": "CERTA-2005-AVI-022",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-01-24T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandrake et NetBSD.",
      "revision_date": "2005-01-25T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 RedHat RHSA-2005:011.",
      "revision_date": "2005-02-03T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 FreeBSD.",
      "revision_date": "2005-02-09T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 SGI.",
      "revision_date": "2005-02-14T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 RedHat.",
      "revision_date": "2005-02-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de Ethereal",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200501-27",
      "url": null
    }
  ]
}

