Red Hat Local Security Checks : RedHat Security Advisory RHSA-2002:170

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.51234

Kategorie: Red Hat Local Security Checks

Titel: RedHat Security Advisory RHSA-2002:170

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory RHSA-2002:170.

Updated ethereal packages are available which fix several security problems.

Ethereal is a package designed for monitoring network traffic on your
system. Several security issues have been found in the Ethereal packages
distributed with Red Hat Linux Advanced Server:

Buffer overflow in Ethereal 0.9.5 and earlier allows remote attackers to
cause a denial of service or execute arbitrary code via the ISIS dissector.
(CVE-2002-0834)

Buffer overflows in Ethereal 0.9.4 and earlier allows remote attackers
to cause a denial of service or execute arbitrary code via (1) the BGP
dissector, or (2) the WCP dissector. (CVE-2002-0821)

Ethereal 0.9.4 and earlier allows remote attackers to cause a denial
of service and possibly excecute arbitrary code via the (1) SOCKS, (2)
RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core
dump (CVE-2002-0822)

A buffer overflow in the X11 dissector in Ethereal before 0.9.4 allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code while Ethereal is parsing keysyms. (CVE-2002-0402)

The DNS dissector in Ethereal before 0.9.4 allows remote attackers to
cause a denial of service (CPU consumption) via a malformed packet
that causes Ethereal to enter an infinite loop. (CVE-2002-0403)

A vulnerability in the GIOP dissector in Ethereal before 0.9.4 allows
remote attackers to cause a denial of service (memory consumption).
(CVE-2002-0404)

Users of Ethereal should update to the errata packages containing Ethereal
version 0.9.6 which is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-170.html
http://www.ethereal.com/appnotes/enpa-sa-00006.html
http://www.ethereal.com/appnotes/enpa-sa-00005.html
http://www.ethereal.com/appnotes/enpa-sa-00004.html

Risk factor : High

CVSS Score:
7.5

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2002-0821
Conectiva Linux advisory: CLSA-2002:505
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
RedHat Security Advisories: RHSA-2002:169
Common Vulnerability Exposure (CVE) ID: CVE-2002-0822
BugTraq ID: 5167
http://www.securityfocus.com/bid/5167
Conectiva Linux advisory: CLA-2002:505
Common Vulnerability Exposure (CVE) ID: CVE-2002-0834
Common Vulnerability Exposure (CVE) ID: CVE-2002-0402
BugTraq ID: 4805
http://www.securityfocus.com/bid/4805
Bugtraq: 20020529 Potential security issues in Ethereal (Google Search)
http://marc.info/?l=bugtraq&m=102268626526119&w=2
Caldera Security Advisory: CSSA-2002-037.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Debian Security Information: DSA-130 (Google Search)
http://www.debian.org/security/2002/dsa-130
http://www.redhat.com/support/errata/RHSA-2002-036.html
http://www.redhat.com/support/errata/RHSA-2002-088.html
http://www.redhat.com/support/errata/RHSA-2002-170.html
http://www.iss.net/security_center/static/9203.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0403
BugTraq ID: 4807
http://www.securityfocus.com/bid/4807
http://www.iss.net/security_center/static/9205.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0404
BugTraq ID: 4808
http://www.securityfocus.com/bid/4808
http://www.iss.net/security_center/static/9206.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.51234
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2002:170
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2002:170. Updated ethereal packages are available which fix several security problems. Ethereal is a package designed for monitoring network traffic on your system. Several security issues have been found in the Ethereal packages distributed with Red Hat Linux Advanced Server: Buffer overflow in Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via the ISIS dissector. (CVE-2002-0834) Buffer overflows in Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. (CVE-2002-0821) Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump (CVE-2002-0822) A buffer overflow in the X11 dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. (CVE-2002-0402) The DNS dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. (CVE-2002-0403) A vulnerability in the GIOP dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (memory consumption). (CVE-2002-0404) Users of Ethereal should update to the errata packages containing Ethereal version 0.9.6 which is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-170.html http://www.ethereal.com/appnotes/enpa-sa-00006.html http://www.ethereal.com/appnotes/enpa-sa-00005.html http://www.ethereal.com/appnotes/enpa-sa-00004.html Risk factor : High CVSS Score: 7.5
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0821 Conectiva Linux advisory: CLSA-2002:505 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505 RedHat Security Advisories: RHSA-2002:169 Common Vulnerability Exposure (CVE) ID: CVE-2002-0822 BugTraq ID: 5167 http://www.securityfocus.com/bid/5167 Conectiva Linux advisory: CLA-2002:505 Common Vulnerability Exposure (CVE) ID: CVE-2002-0834 Common Vulnerability Exposure (CVE) ID: CVE-2002-0402 BugTraq ID: 4805 http://www.securityfocus.com/bid/4805 Bugtraq: 20020529 Potential security issues in Ethereal (Google Search) http://marc.info/?l=bugtraq&m=102268626526119&w=2 Caldera Security Advisory: CSSA-2002-037.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt Debian Security Information: DSA-130 (Google Search) http://www.debian.org/security/2002/dsa-130 http://www.redhat.com/support/errata/RHSA-2002-036.html http://www.redhat.com/support/errata/RHSA-2002-088.html http://www.redhat.com/support/errata/RHSA-2002-170.html http://www.iss.net/security_center/static/9203.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0403 BugTraq ID: 4807 http://www.securityfocus.com/bid/4807 http://www.iss.net/security_center/static/9205.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0404 BugTraq ID: 4808 http://www.securityfocus.com/bid/4808 http://www.iss.net/security_center/static/9206.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com