Test ID:	1.3.6.1.4.1.25623.1.0.51234
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2002:170
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2002:170. Updated ethereal packages are available which fix several security problems. Ethereal is a package designed for monitoring network traffic on your system. Several security issues have been found in the Ethereal packages distributed with Red Hat Linux Advanced Server: Buffer overflow in Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via the ISIS dissector. (CVE-2002-0834) Buffer overflows in Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. (CVE-2002-0821) Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump (CVE-2002-0822) A buffer overflow in the X11 dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. (CVE-2002-0402) The DNS dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. (CVE-2002-0403) A vulnerability in the GIOP dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (memory consumption). (CVE-2002-0404) Users of Ethereal should update to the errata packages containing Ethereal version 0.9.6 which is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-170.html http://www.ethereal.com/appnotes/enpa-sa-00006.html http://www.ethereal.com/appnotes/enpa-sa-00005.html http://www.ethereal.com/appnotes/enpa-sa-00004.html Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0821 Conectiva Linux advisory: CLSA-2002:505 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505 RedHat Security Advisories: RHSA-2002:169 Common Vulnerability Exposure (CVE) ID: CVE-2002-0822 BugTraq ID: 5167 http://www.securityfocus.com/bid/5167 Conectiva Linux advisory: CLA-2002:505 Common Vulnerability Exposure (CVE) ID: CVE-2002-0834 Common Vulnerability Exposure (CVE) ID: CVE-2002-0402 BugTraq ID: 4805 http://www.securityfocus.com/bid/4805 Bugtraq: 20020529 Potential security issues in Ethereal (Google Search) http://marc.info/?l=bugtraq&m=102268626526119&w=2 Caldera Security Advisory: CSSA-2002-037.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt Debian Security Information: DSA-130 (Google Search) http://www.debian.org/security/2002/dsa-130 http://www.redhat.com/support/errata/RHSA-2002-036.html http://www.redhat.com/support/errata/RHSA-2002-088.html http://www.redhat.com/support/errata/RHSA-2002-170.html http://www.iss.net/security_center/static/9203.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0403 BugTraq ID: 4807 http://www.securityfocus.com/bid/4807 http://www.iss.net/security_center/static/9205.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0404 BugTraq ID: 4808 http://www.securityfocus.com/bid/4808 http://www.iss.net/security_center/static/9206.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.