ID de Prueba:	1.3.6.1.4.1.25623.1.0.51111
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:234
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:234. Ethereal is a program for monitoring network traffic. The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained a buffer overflow flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0507 to this issue. In addition, other flaws in Ethereal prior to 0.10.4 were found that could cause it to crash in response to carefully crafted SIP (CVE-2004-0504), AIM (CVE-2004-0505), or SPNEGO (CVE-2004-0506) packets. Users of Ethereal should upgrade to these updated packages, which contain backported security patches that correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-234.html http://www.ethereal.com/appnotes/enpa-sa-00014.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0504 BugTraq ID: 10347 http://www.securityfocus.com/bid/10347 Computer Incident Advisory Center Bulletin: O-150 http://www.ciac.org/ciac/bulletins/o-150.shtml Conectiva Linux advisory: CLA-2005:916 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://security.gentoo.org/glsa/glsa-200406-01.xml http://www.ethereal.com/lists/ethereal-users/200405/msg00018.html http://www.osvdb.org/6131 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9769 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A982 RedHat Security Advisories: RHSA-2004:234 http://securitytracker.com/id?1010158 http://secunia.com/advisories/11608 http://secunia.com/advisories/11776 http://secunia.com/advisories/11836 SGI Security Advisory: 20040604-01-U ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc SGI Security Advisory: 20040605-01-U ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc XForce ISS Database: ethereal-sip-packet-dos(16148) https://exchange.xforce.ibmcloud.com/vulnerabilities/16148 Common Vulnerability Exposure (CVE) ID: CVE-2004-0505 http://www.osvdb.org/6132 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9433 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A986 XForce ISS Database: ethereal-aim-dissector-dos(16150) https://exchange.xforce.ibmcloud.com/vulnerabilities/16150 Common Vulnerability Exposure (CVE) ID: CVE-2004-0506 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9695 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A987 XForce ISS Database: ethereal-spnego-dos(16151) https://exchange.xforce.ibmcloud.com/vulnerabilities/16151 Common Vulnerability Exposure (CVE) ID: CVE-2004-0507 http://www.osvdb.org/6134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11026 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A988 http://rhn.redhat.com/errata/RHSA-2004-234.html XForce ISS Database: ethereal-mmse-bo(16152) https://exchange.xforce.ibmcloud.com/vulnerabilities/16152
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.