Red Hat Bugzilla – Bug 174478
CAN-2005-3184 Ethereal Stack Buffer Overflow
Last modified: 2007-04-18 13:34:49 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20051012 Netscape/8.0.4
Description of problem:
05.43.12 CVE: CAN-2005-3184
Platform: Cross Platform
Title: Ethereal Stack Buffer Overflow
Description: Ethereal is a network analyzer. It is vulnerable to a
remote buffer overflow issue when dissecting Service Location Protocol
(SRVLOC) packets. Ethereal versions 0.10.13 and earlier are vulnerable.
Version-Release number of selected component (if applicable):
AFAICT, unless we've been misinformed, problem # 05.43.12 (CAN-2005-3184) is
indeed fixed in ethereal-0.10.13. The claim, "Ethereal versions 0.1.13 and
earlier are vulnerable," is incorrect. Instead it should say, "Ethereal
versions 0.10.12 and earlier are vulnerable."
See Ethereal appnote enpa-sa-00021 at
and Bug #152922 comment 15.
Perhaps, John, you can inform whoever produced 05.43.12 of their typo?
I would close this bug as a duplicate of Bug #152922.
*** This bug has been marked as a duplicate of 152922 ***