ID de Prueba:	1.3.6.1.4.1.25623.1.0.52156
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: ethereal, ethereal-lite, tethereal, tethereal-lite
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: ethereal ethereal-lite tethereal tethereal-lite CVE-2005-0699 Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values. CVE-2005-0704 Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. CVE-2005-0705 The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the 'ignore cipher bit' option enabled. allows remote attackers to cause a denial of service (application crash). CVE-2005-0739 The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0699 BugTraq ID: 12759 http://www.securityfocus.com/bid/12759 Bugtraq: 20050308 Ethereal remote buffer overflow (Google Search) http://www.securityfocus.com/archive/1/392659 Bugtraq: 20050309 RE: Ethereal remote buffer overflow - addon (Google Search) http://marc.info/?l=bugtraq&m=111038641832400&w=2 Bugtraq: 20050314 Ethereal 0.10.9 and below remote root exploit (Google Search) http://marc.info/?l=bugtraq&m=111083125521813&w=2 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html http://security.gentoo.org/glsa/glsa-200503-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:053 http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-03-04 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10147 http://www.redhat.com/support/errata/RHSA-2005-306.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0704 12762 http://www.securityfocus.com/bid/12762 FLSA-2006:152922 GLSA-200503-16 http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml MDKSA-2005:053 RHSA-2005:306 http://www.ethereal.com/appnotes/enpa-sa-00018.html oval:org.mitre.oval:def:10447 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10447 Common Vulnerability Exposure (CVE) ID: CVE-2005-0705 oval:org.mitre.oval:def:10565 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10565 Common Vulnerability Exposure (CVE) ID: CVE-2005-0739 BugTraq ID: 12762 Bugtraq: 20050312 Ethereal remote buffer overflow #2 (Google Search) http://marc.info/?l=bugtraq&m=111066805726551&w=2 Debian Security Information: DSA-718 (Google Search) http://www.debian.org/security/2005/dsa-718 http://anonsvn.ethereal.com/viewcvs/viewcvs.py?view=rev&rev=13707 http://security.lss.hr/index.php?page=details&ID=LSS-2005-03-05 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9687
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.