Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

FreeBSD Ports: ethereal, ethereal-lite, tethereal, tethereal-lite

Information

Severity

Severity

Critical

Family

Family

FreeBSD Local Security Checks

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

14 years ago

Modified

Modified

6 years ago

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Insight

Insight

The following packages are affected: ethereal ethereal-lite tethereal tethereal-lite CVE-2006-1932 Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors. CVE-2006-1933 Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors. CVE-2006-1934 Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code. CVE-2006-1935 Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector. CVE-2006-1936 Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector. CVE-2006-1937 Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) H.248, (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors and (7) the statistics counter. CVE-2006-1938 Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) Sniffer capture or (2) SMB PIPE dissector. CVE-2006-1939 Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors. CVE-2006-1940 Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.

Solution

Solution

Update your system with the appropriate patches or software upgrades. http://www.ethereal.com/appnotes/enpa-sa-00023.html http://secunia.com/advisories/19769/ http://www.vuxml.org/freebsd/21c223f2-d596-11da-8098-00123ffe8333.html