LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 18th, 2014
Linux Advisory Watch: July 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated ethereal packages fix vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A stack-based buffer overflow was discovered in the OSPF dissector in Ethereal. This could potentially be abused to allow remote attackers to execute arbitrary code via crafted packets. The updated packages have been patched to prevent this problem.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:227
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ethereal
 Date    : December 14, 2005
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A stack-based buffer overflow was discovered in the OSPF dissector in
 Ethereal.  This could potentially be abused to allow remote attackers
 to execute arbitrary code via crafted packets.
 
 The updated packages have been patched to prevent this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3651
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 027fdd01892a957cbd51e12bfb67c5f8  2006.0/RPMS/ethereal-0.10.13-0.5.20060mdk.i586.rpm
 73193fe2d3878cecab885d8b6cd6a08a  2006.0/RPMS/ethereal-tools-0.10.13-0.5.20060mdk.i586.rpm
 2ec34afc4cdbd31bfa68640f13ff806e  2006.0/RPMS/libethereal0-0.10.13-0.5.20060mdk.i586.rpm
 5254cd0a674ed501d25ec42ee4191cf1  2006.0/RPMS/tethereal-0.10.13-0.5.20060mdk.i586.rpm
 a8c390894b8410e06b12d1f2049db2d6  2006.0/SRPMS/ethereal-0.10.13-0.5.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 09829fadefeb435e75aefa966b51cc56  x86_64/2006.0/RPMS/ethereal-0.10.13-0.5.20060mdk.x86_64.rpm
 5c0e3a206220014841a540e149fe96e0  x86_64/2006.0/RPMS/ethereal-tools-0.10.13-0.5.20060mdk.x86_64.rpm
 7ca64eb45c380c5eccec6d99e4ca9780  x86_64/2006.0/RPMS/lib64ethereal0-0.10.13-0.5.20060mdk.x86_64.rpm
 8510de1e6d3f38ed08d6f863d56c0ee9  x86_64/2006.0/RPMS/tethereal-0.10.13-0.5.20060mdk.x86_64.rpm
 a8c390894b8410e06b12d1f2049db2d6  x86_64/2006.0/SRPMS/ethereal-0.10.13-0.5.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Anti-surveillance advocates want you to run an open, secure WiFi router
Attackers raid SWISS BANKS with DNS and malware bombs
A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying
Black Hat presentation on TOR suddenly cancelled
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.