FreeBSD Ports: ethereal, ethereal-lite, tethereal, tethereal-lite

The remote host is missing an update to the system as announced in the referenced advisory.

The following packages are affected: ethereal ethereal-lite tethereal tethereal-lite CVE-2006-1932 Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors. CVE-2006-1933 Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors. CVE-2006-1934 Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code. CVE-2006-1935 Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector. CVE-2006-1936 Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector. CVE-2006-1937 Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) H.248, (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors and (7) the statistics counter. CVE-2006-1938 Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) Sniffer capture or (2) SMB PIPE dissector. CVE-2006-1939 Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors. CVE-2006-1940 Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.

Update your system with the appropriate patches or software upgrades. http://www.ethereal.com/appnotes/enpa-sa-00023.html http://secunia.com/advisories/19769/ http://www.vuxml.org/freebsd/21c223f2-d596-11da-8098-00123ffe8333.html