Red Hat Local Security Checks : RedHat Security Advisory RHSA-2004:378

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51043

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2004:378

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2004:378.

Ethereal is a program for monitoring network traffic.

The SNMP dissector in Ethereal releases 0.8.15 through 0.10.4 contained a
memory read flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash or
possibly execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0635 to this issue.

The SMB dissector in Ethereal releases 0.9.15 through 0.10.4 contained a
null pointer flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0634 to this issue.

The iSNS dissector in Ethereal releases 0.10.3 through 0.10.4 contained an
integer overflow flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash or
possibly execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0633 to this issue.

Users of Ethereal should upgrade to these updated packages, which contain
a version that is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-378.html
http://www.ethereal.com/appnotes/enpa-sa-00015.html

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0633
CERT/CC vulnerability note: VU#829422
http://www.kb.cert.org/vuls/id/829422
Conectiva Linux advisory: CLA-2005:916
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916
http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00013.html
http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00014.html
http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9931
http://www.redhat.com/support/errata/RHSA-2004-378.html
http://securitytracker.com/id?1010655
http://secunia.com/advisories/12024
XForce ISS Database: ethereal-isns-dos(16630)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16630
Common Vulnerability Exposure (CVE) ID: CVE-2004-0634
CERT/CC vulnerability note: VU#518782
http://www.kb.cert.org/vuls/id/518782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10252
XForce ISS Database: ethereal-smb-sid-dos(16631)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16631
Common Vulnerability Exposure (CVE) ID: CVE-2004-0635
CERT/CC vulnerability note: VU#835846
http://www.kb.cert.org/vuls/id/835846
Debian Security Information: DSA-528 (Google Search)
http://www.debian.org/security/2004/dsa-528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9721
XForce ISS Database: ethereal-snmp-community-dos(16632)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16632

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51043
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:378
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:378. Ethereal is a program for monitoring network traffic. The SNMP dissector in Ethereal releases 0.8.15 through 0.10.4 contained a memory read flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0635 to this issue. The SMB dissector in Ethereal releases 0.9.15 through 0.10.4 contained a null pointer flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0634 to this issue. The iSNS dissector in Ethereal releases 0.10.3 through 0.10.4 contained an integer overflow flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0633 to this issue. Users of Ethereal should upgrade to these updated packages, which contain a version that is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-378.html http://www.ethereal.com/appnotes/enpa-sa-00015.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0633 CERT/CC vulnerability note: VU#829422 http://www.kb.cert.org/vuls/id/829422 Conectiva Linux advisory: CLA-2005:916 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00013.html http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00014.html http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9931 http://www.redhat.com/support/errata/RHSA-2004-378.html http://securitytracker.com/id?1010655 http://secunia.com/advisories/12024 XForce ISS Database: ethereal-isns-dos(16630) https://exchange.xforce.ibmcloud.com/vulnerabilities/16630 Common Vulnerability Exposure (CVE) ID: CVE-2004-0634 CERT/CC vulnerability note: VU#518782 http://www.kb.cert.org/vuls/id/518782 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10252 XForce ISS Database: ethereal-smb-sid-dos(16631) https://exchange.xforce.ibmcloud.com/vulnerabilities/16631 Common Vulnerability Exposure (CVE) ID: CVE-2004-0635 CERT/CC vulnerability note: VU#835846 http://www.kb.cert.org/vuls/id/835846 Debian Security Information: DSA-528 (Google Search) http://www.debian.org/security/2004/dsa-528 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9721 XForce ISS Database: ethereal-snmp-community-dos(16632) https://exchange.xforce.ibmcloud.com/vulnerabilities/16632
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com