ID de Prueba:	1.3.6.1.4.1.25623.1.0.51896
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:306
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:306. The ethereal package is a program for monitoring network traffic. A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code. A buffer overflow flaw was discovered in the Etheric dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0704 to this issue. The GPRS-LLC dissector could crash if the ignore cipher bit option was set. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0705 to this issue. A buffer overflow flaw was discovered in the 3GPP2 A11 dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0699 to this issue. A buffer overflow flaw was discovered in the IAPP dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0739 to this issue. Users of ethereal should upgrade to these updated packages, which contain version 0.10.10 and are not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-306.html http://www.ethereal.com/appnotes/enpa-sa-00018.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0699 BugTraq ID: 12759 http://www.securityfocus.com/bid/12759 Bugtraq: 20050308 Ethereal remote buffer overflow (Google Search) http://www.securityfocus.com/archive/1/392659 Bugtraq: 20050309 RE: Ethereal remote buffer overflow - addon (Google Search) http://marc.info/?l=bugtraq&m=111038641832400&w=2 Bugtraq: 20050314 Ethereal 0.10.9 and below remote root exploit (Google Search) http://marc.info/?l=bugtraq&m=111083125521813&w=2 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html http://security.gentoo.org/glsa/glsa-200503-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:053 http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10147 http://www.redhat.com/support/errata/RHSA-2005-306.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0704 12762 http://www.securityfocus.com/bid/12762 FLSA-2006:152922 GLSA-200503-16 http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml MDKSA-2005:053 RHSA-2005:306 http://www.ethereal.com/appnotes/enpa-sa-00018.html oval:org.mitre.oval:def:10447 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10447 Common Vulnerability Exposure (CVE) ID: CVE-2005-0705 oval:org.mitre.oval:def:10565 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10565 Common Vulnerability Exposure (CVE) ID: CVE-2005-0739 BugTraq ID: 12762 Bugtraq: 20050312 Ethereal remote buffer overflow #2 (Google Search) http://marc.info/?l=bugtraq&m=111066805726551&w=2 Debian Security Information: DSA-718 (Google Search) http://www.debian.org/security/2005/dsa-718 http://anonsvn.ethereal.com/viewcvs/viewcvs.py?view=rev&rev=13707 http://security.lss.hr/index.php?page=details&ID=LSS-2005-03-05 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9687
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.