FreeBSD Ports: ethereal, ethereal-lite, tethereal, tethereal-lite

The remote host is missing an update to the system as announced in the referenced advisory.

The following packages are affected: ethereal ethereal-lite tethereal tethereal-lite CVE-2005-0699 Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values. CVE-2005-0704 Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVE-2005-0705 The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the 'ignore cipher bit' option enabled. allows remote attackers to cause a denial of service (application crash). CVE-2005-0739 The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the the dissect_pdus and pduval_to_str functions.

Update your system with the appropriate patches or software upgrades. http://www.ethereal.com/appnotes/enpa-sa-00018.html http://www.vuxml.org/freebsd/cb470368-94d2-11d9-a9e0-0001020eed82.html