Thursday, April 27, 2006

If you use Ethereal, update as soon as possible

From SANS: "Yes, if you use Ethereal, it is time to upgrade. According an advisory posted by Frsirt, 28 vulnerabilities has been identified in Ethereal "which could be exploited by remote attackers to compromise a vulnerable system or cause a denial of service.""

28 vulnerabilities? Wow. Ethereal is a great program, but it's time they really think about security. OpenBSD even removed it from its ports as a consequence of its problems.

Maybe I'll try to "sandbox" it through Core Force and see what can be done, but still, it might be that because of Ethereal's inherent privileges it's not going to be enough.


Post a Comment

<< Home