PT-2006-2918 · Ethereal · Ethereal
Gerald Combs
·
Published
2006-04-25
·
Updated
2024-02-14
·
CVE-2006-1934
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Ethereal versions 0.10.x up to 0.10.14
Description
The issue is related to multiple buffer overflows that can be triggered remotely, potentially allowing attackers to cause a denial of service (crash) and possibly execute arbitrary code. This is achieved through the ALCAP dissector, Network Instruments file code, or NetXray/Windows Sniffer file code.
Recommendations
For Ethereal versions 0.10.x up to 0.10.14, consider updating to a version that is not affected by these buffer overflows. As a temporary workaround, restrict the use of the ALCAP dissector, Network Instruments file code, and NetXray/Windows Sniffer file code to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ethereal