English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.51320
Categoría:Conectiva Local Security Checks
Título:Conectiva Security Advisory CLA-2005:916
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory CLA-2005:916.

Ethereal[1] is a powerful network traffic analyzer with a graphical
user interface (GUI).

This update fixes several vulnerabilities[2,3,4] in ethereal:

CVE-2004-0633: The iSNS dissector for ethereal 0.10.3 through
0.10.4 allows remote attackers to cause a denial of service (process
abort) via an integer overflow.

CVE-2004-0634: The SMB SID snooping capability in ethereal 0.9.15
to 0.10.4 allows remote attackers to cause a denial of service
(process abort) via a handle without a policy name, which causes a
null dereference.

CVE-2004-0635: The SNMP dissector in ethereal 0.8.15 through
0.10.4 allows remote attackers to cause a denial of service (process
abort) via a malformed request or by missing community string, which
causes an out-of-bounds read.

CVE-2004-0504: ethereal 0.10.3 allows remote attackers to cause a
denial of service (crash) via certain SIP messages between Hotsip
servers and clients.

CVE-2004-0505: The AIM dissector in ethereal 0.10.3 allows remote
attackers to cause a denial of service (assert error).

CVE-2004-0506: The SPNEGO dissector in ethereal 0.9.8 to 0.10.3
allows remote attackers to cause a denial of service (abort).

CVE-2004-0507: Buffer overflow in the MMSE dissector for ethereal
0.10.1 to 0.10.3 allows remote attackers to cause a denial of service
and possibly execute arbitrary code.

CVE-2004-1139: Matthew Bing found a problem in DICOM dissection
that could make Ethereal exit unexpectedly.

CVE-2004-1140: An invalid RTP timestamp could make Ethereal hang
and create a large temporary file, possibly filling all available
disk space.

CVE-2004-1141: The HTTP dissector could access previously-freed
memory, making Ethereal exit unexpectedly.

CVE-2004-1142: Brian Caswell discovered that an improperly
formatted SMB packet could make Ethereal hang, maximizing CPU
utilization.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.ethereal.com/
http://www.ethereal.com/appnotes/enpa-sa-00014.html
http://www.ethereal.com/appnotes/enpa-sa-00015.html
http://www.ethereal.com/appnotes/enpa-sa-00016.html
http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:916
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000916

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0633
CERT/CC vulnerability note: VU#829422
http://www.kb.cert.org/vuls/id/829422
Conectiva Linux advisory: CLA-2005:916
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916
http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00013.html
http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00014.html
http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9931
http://www.redhat.com/support/errata/RHSA-2004-378.html
http://securitytracker.com/id?1010655
http://secunia.com/advisories/12024
XForce ISS Database: ethereal-isns-dos(16630)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16630
Common Vulnerability Exposure (CVE) ID: CVE-2004-0634
CERT/CC vulnerability note: VU#518782
http://www.kb.cert.org/vuls/id/518782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10252
XForce ISS Database: ethereal-smb-sid-dos(16631)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16631
Common Vulnerability Exposure (CVE) ID: CVE-2004-0635
CERT/CC vulnerability note: VU#835846
http://www.kb.cert.org/vuls/id/835846
Debian Security Information: DSA-528 (Google Search)
http://www.debian.org/security/2004/dsa-528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9721
XForce ISS Database: ethereal-snmp-community-dos(16632)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16632
Common Vulnerability Exposure (CVE) ID: CVE-2004-0504
BugTraq ID: 10347
http://www.securityfocus.com/bid/10347
Computer Incident Advisory Center Bulletin: O-150
http://www.ciac.org/ciac/bulletins/o-150.shtml
http://security.gentoo.org/glsa/glsa-200406-01.xml
http://www.ethereal.com/lists/ethereal-users/200405/msg00018.html
http://www.osvdb.org/6131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9769
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A982
RedHat Security Advisories: RHSA-2004:234
http://securitytracker.com/id?1010158
http://secunia.com/advisories/11608
http://secunia.com/advisories/11776
http://secunia.com/advisories/11836
SGI Security Advisory: 20040604-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
SGI Security Advisory: 20040605-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc
XForce ISS Database: ethereal-sip-packet-dos(16148)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16148
Common Vulnerability Exposure (CVE) ID: CVE-2004-0505
http://www.osvdb.org/6132
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9433
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A986
XForce ISS Database: ethereal-aim-dissector-dos(16150)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16150
Common Vulnerability Exposure (CVE) ID: CVE-2004-0506
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A987
XForce ISS Database: ethereal-spnego-dos(16151)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16151
Common Vulnerability Exposure (CVE) ID: CVE-2004-0507
http://www.osvdb.org/6134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A988
http://rhn.redhat.com/errata/RHSA-2004-234.html
XForce ISS Database: ethereal-mmse-bo(16152)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16152
Common Vulnerability Exposure (CVE) ID: CVE-2004-1139
BugTraq ID: 11943
http://www.securityfocus.com/bid/11943
Computer Incident Advisory Center Bulletin: P-061
http://www.ciac.org/ciac/bulletins/p-061.shtml
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
http://www.gentoo.org/security/en/glsa/glsa-200412-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:152
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11319
http://www.redhat.com/support/errata/RHSA-2005-037.html
http://secunia.com/advisories/13468/
XForce ISS Database: ethereal-dicom-dos(18484)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18484
Common Vulnerability Exposure (CVE) ID: CVE-2004-1140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10484
XForce ISS Database: Ethereal-rtp-dos(18485)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18485
Common Vulnerability Exposure (CVE) ID: CVE-2004-1141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9473
XForce ISS Database: ethereal-http-dissector-dos(18487)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18487
Common Vulnerability Exposure (CVE) ID: CVE-2004-1142
Debian Security Information: DSA-613 (Google Search)
http://www.debian.org/security/2004/dsa-613
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11278
XForce ISS Database: ethereal-smb-dos(18488)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18488
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.