Red Hat Local Security Checks : RedHat Security Advisory RHSA-2002:291

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51212

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2002:291

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2002:291.

Updated Ethereal packages are available which fix various security issues.

[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1

Ethereal is a package designed for monitoring network traffic on your
system. Several security issues have been found in the Ethereal packages
distributed with Red Hat Linux Advanced Server 2.1.

Multiple errors involving signed integers in the BGP dissector in Ethereal
0.9.7 and earlier allow remote attackers to cause a denial of service
(infinite loop) via malformed messages. This problem was discovered by
Silvio Cesare. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2002-1355 to this issue.

Ethereal 0.9.7 and earlier allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via malformed
packets to the LMP, PPP, or TDS dissectors. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2002-1356 to
this issue.

Users of Ethereal should update to the errata packages containing Ethereal
version 0.9.8 which is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2002-291.html
http://www.ethereal.com/appnotes/enpa-sa-00007.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2002-1355
http://www.redhat.com/support/errata/RHSA-2002-290.html
Common Vulnerability Exposure (CVE) ID: CVE-2002-1356

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51212
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2002:291
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2002:291. Updated Ethereal packages are available which fix various security issues. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1 Ethereal is a package designed for monitoring network traffic on your system. Several security issues have been found in the Ethereal packages distributed with Red Hat Linux Advanced Server 2.1. Multiple errors involving signed integers in the BGP dissector in Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of service (infinite loop) via malformed messages. This problem was discovered by Silvio Cesare. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1355 to this issue. Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the LMP, PPP, or TDS dissectors. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1356 to this issue. Users of Ethereal should update to the errata packages containing Ethereal version 0.9.8 which is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-291.html http://www.ethereal.com/appnotes/enpa-sa-00007.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1355 http://www.redhat.com/support/errata/RHSA-2002-290.html Common Vulnerability Exposure (CVE) ID: CVE-2002-1356
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com