ID de Prueba:	1.3.6.1.4.1.25623.1.0.51641
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:037
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:037. Ethereal is a program for monitoring network traffic. A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws. A flaw in the DICOM dissector could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1139 to this issue. A invalid RTP timestamp could hang Ethereal and create a large temporary file, possibly filling available disk space. (CVE-2004-1140) The HTTP dissector could access previously-freed memory, causing a crash. (CVE-2004-1141) An improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization. (CVE-2004-1142) The COPS dissector could go into an infinite loop. (CVE-2005-0006) The DLSw dissector could cause an assertion, making Ethereal exit prematurely. (CVE-2005-0007) The DNP dissector could cause memory corruption. (CVE-2005-0008) The Gnutella dissector could cause an assertion, making Ethereal exit prematurely. (CVE-2005-0009) The MMSE dissector could free static memory, causing a crash. (CVE-2005-0010) The X11 protocol dissector is vulnerable to a string buffer overflow. (CVE-2005-0084) Users of Ethereal should upgrade to these updated packages which contain version 0.10.9 that is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-037.html http://www.ethereal.com/appnotes/enpa-sa-00016.html http://www.ethereal.com/appnotes/enpa-sa-00017.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0010 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0084 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1139 BugTraq ID: 11943 http://www.securityfocus.com/bid/11943 Computer Incident Advisory Center Bulletin: P-061 http://www.ciac.org/ciac/bulletins/p-061.shtml Conectiva Linux advisory: CLA-2005:916 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html http://www.gentoo.org/security/en/glsa/glsa-200412-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:152 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11319 http://www.redhat.com/support/errata/RHSA-2005-037.html http://secunia.com/advisories/13468/ XForce ISS Database: ethereal-dicom-dos(18484) https://exchange.xforce.ibmcloud.com/vulnerabilities/18484 Common Vulnerability Exposure (CVE) ID: CVE-2004-1140 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10484 XForce ISS Database: Ethereal-rtp-dos(18485) https://exchange.xforce.ibmcloud.com/vulnerabilities/18485 Common Vulnerability Exposure (CVE) ID: CVE-2004-1141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9473 XForce ISS Database: ethereal-http-dissector-dos(18487) https://exchange.xforce.ibmcloud.com/vulnerabilities/18487 Common Vulnerability Exposure (CVE) ID: CVE-2004-1142 Debian Security Information: DSA-613 (Google Search) http://www.debian.org/security/2004/dsa-613 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11278 XForce ISS Database: ethereal-smb-dos(18488) https://exchange.xforce.ibmcloud.com/vulnerabilities/18488 Common Vulnerability Exposure (CVE) ID: CVE-2005-0006 BugTraq ID: 12326 http://www.securityfocus.com/bid/12326 Computer Incident Advisory Center Bulletin: P-106 http://www.ciac.org/ciac/bulletins/p-106.shtml http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:013 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10801 http://www.redhat.com/support/errata/RHSA-2005-011.html http://secunia.com/advisories/13946/ XForce ISS Database: ethereal-cops-dos(18999) https://exchange.xforce.ibmcloud.com/vulnerabilities/18999 Common Vulnerability Exposure (CVE) ID: CVE-2005-0007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11381 XForce ISS Database: ethereal-dlsw-dos(19000) https://exchange.xforce.ibmcloud.com/vulnerabilities/19000 Common Vulnerability Exposure (CVE) ID: CVE-2005-0008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10689 XForce ISS Database: ethereal-dnp-memory-corruption(19001) https://exchange.xforce.ibmcloud.com/vulnerabilities/19001 Common Vulnerability Exposure (CVE) ID: CVE-2005-0009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10623 XForce ISS Database: ethereal-gnutella-dos(19002) https://exchange.xforce.ibmcloud.com/vulnerabilities/19002 Common Vulnerability Exposure (CVE) ID: CVE-2005-0010 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9521 XForce ISS Database: ethereal-mmse-free-memory(19003) https://exchange.xforce.ibmcloud.com/vulnerabilities/19003 Common Vulnerability Exposure (CVE) ID: CVE-2005-0084 Debian Security Information: DSA-653 (Google Search) http://www.debian.org/security/2005/dsa-653 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9140 XForce ISS Database: ethereal-x11-bo(19004) https://exchange.xforce.ibmcloud.com/vulnerabilities/19004
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.