FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ethereal -- Multiple Protocol Dissector Vulnerabilities

Affected packages
0.8.5 <= ethereal < 0.99.0
0.8.5 <= ethereal-lite < 0.99.0
0.8.5 <= tethereal < 0.99.0
0.8.5 <= tethereal-lite < 0.99.0

Details

VuXML ID 21c223f2-d596-11da-8098-00123ffe8333
Discovery 2006-04-25
Entry 2006-04-27

Secunia reports:

Multiple vulnerabilities have been reported in Ethereal, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerabilities are caused due to various types of errors including boundary errors, an off-by-one error, an infinite loop error, and several unspecified errors in a multitude of protocol dissectors.

Successful exploitation causes Ethereal to stop responding, consume a large amount of system resources, crash, or execute arbitrary code.

References

CVE Name CVE-2006-1932
CVE Name CVE-2006-1933
CVE Name CVE-2006-1934
CVE Name CVE-2006-1935
CVE Name CVE-2006-1936
CVE Name CVE-2006-1937
CVE Name CVE-2006-1938
CVE Name CVE-2006-1939
CVE Name CVE-2006-1940
URL http://secunia.com/advisories/19769/
URL http://www.ethereal.com/appnotes/enpa-sa-00023.html