ID de Prueba:	1.3.6.1.4.1.25623.1.0.51234
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2002:170
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2002:170. Updated ethereal packages are available which fix several security problems. Ethereal is a package designed for monitoring network traffic on your system. Several security issues have been found in the Ethereal packages distributed with Red Hat Linux Advanced Server: Buffer overflow in Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via the ISIS dissector. (CVE-2002-0834) Buffer overflows in Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. (CVE-2002-0821) Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly excecute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump (CVE-2002-0822) A buffer overflow in the X11 dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms. (CVE-2002-0402) The DNS dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop. (CVE-2002-0403) A vulnerability in the GIOP dissector in Ethereal before 0.9.4 allows remote attackers to cause a denial of service (memory consumption). (CVE-2002-0404) Users of Ethereal should update to the errata packages containing Ethereal version 0.9.6 which is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-170.html http://www.ethereal.com/appnotes/enpa-sa-00006.html http://www.ethereal.com/appnotes/enpa-sa-00005.html http://www.ethereal.com/appnotes/enpa-sa-00004.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0821 Conectiva Linux advisory: CLSA-2002:505 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505 RedHat Security Advisories: RHSA-2002:169 Common Vulnerability Exposure (CVE) ID: CVE-2002-0822 BugTraq ID: 5167 http://www.securityfocus.com/bid/5167 Conectiva Linux advisory: CLA-2002:505 Common Vulnerability Exposure (CVE) ID: CVE-2002-0834 Common Vulnerability Exposure (CVE) ID: CVE-2002-0402 BugTraq ID: 4805 http://www.securityfocus.com/bid/4805 Bugtraq: 20020529 Potential security issues in Ethereal (Google Search) http://marc.info/?l=bugtraq&m=102268626526119&w=2 Caldera Security Advisory: CSSA-2002-037.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt Debian Security Information: DSA-130 (Google Search) http://www.debian.org/security/2002/dsa-130 http://www.redhat.com/support/errata/RHSA-2002-036.html http://www.redhat.com/support/errata/RHSA-2002-088.html http://www.redhat.com/support/errata/RHSA-2002-170.html http://www.iss.net/security_center/static/9203.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0403 BugTraq ID: 4807 http://www.securityfocus.com/bid/4807 http://www.iss.net/security_center/static/9205.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0404 BugTraq ID: 4808 http://www.securityfocus.com/bid/4808 http://www.iss.net/security_center/static/9206.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.