Debian Security Advisory DSA 130-1 (ethereal)

The remote host is missing an update to ethereal announced via advisory DSA 130-1.

Ethereal versions prior to 0.9.3 were vulnerable to an allocation error in the ASN.1 parser. This can be triggered when analyzing traffic using the SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This vulnerability was announced in the ethereal security advisory enpa-sa-00003 and has been given the proposed CVE id of CVE-2002-0353. This issue has been corrected in ethereal version 0.8.0-3potato for Debian 2.2 (potato). Additionally, a number of vulnerabilities were discussed in ethereal security advisory enpa-sa-00004 the version of ethereal in Debian 2.2 (potato) is not vulnerable to the issues raised in this later advisory. Users of the not-yet-released woody distribution should ensure that they are running ethereal 0.9.4-1 or a later version. We recommend you upgrade your ethereal package immediately.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20130-1