[Full-disclosure] rPSA-2006-0158-1 tshark wireshark
Justin M. Forbes
jmforbes at rpath.com
Fri Aug 25 05:15:00 BST 2006
rPath Security Advisory: 2006-0158-1
Products: rPath Linux 1
Exposure Level Classification:
Remote Root Non-deterministic Vulnerability
wireshark=/conary.rpath.com at rpl:devel//1/0.99.3a-0.1-1
tshark=/conary.rpath.com at rpl:devel//1/0.99.3a-0.1-1
All versions of the ethereal and tethereal packages, as well as
all previous versions of the wireshark and tshark packages, will
crash and possibly execute remotely-provided code when presented
with certain malformed packets. Because wireshark and tshark are
often run as the root user, this may allow complete access to the
The fixes are available only as part of the wireshark package.
Development of the ethereal program has ceased under the ethereal
name and continued under the wireshark name, due to restrictions
on the use of the "ethereal" trademark. The latest version of the
ethereal and tethereal packages in rPath Linux 1 are now redirects
to the wireshark and tshark packages. The command "conary update
ethereal tethereal" will cause the ethereal and tethereal packages
on the system to be replaced by wireshark and tshark, respectively.
The "conary updateall" command will also appropriately migrate the
system from ethereal to wireshark.
The fix for this vulnerability is available in the latest version of
the wireshark and tshark packages. rPath strongly recommends that
you update to the wireshark and/or tshark packages, and that you
not use the affected ethereal and tethereal packages, particularly
not on untrusted networks or trace files.
Note that vulnerabilities described in CVE-2006-4331 and
CVE-2006-4332, which are also resolved in this version of the
wireshark source code, do not apply to rPath Linux.
Full-Disclosure is hosted and sponsored by Secunia.