Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:242 (wireshark)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.62940

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:242 (wireshark)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to wireshark
announced via advisory MDVSA-2008:242.

Two vulnerabilities were discovered in Wireshark. The first is a
vulnerability in the SMTP dissector that could cause it to consume
excessive CPU and memory via a long SMTP request (CVE-2008-5285).

The second is an issue with the WLCCP dissector that could cause it
to go into an infinite loop.

This update also provides a patch to fix a potential freeze during
capture interface selection.

This update provides Wireshark 1.0.5, which is not vulnerable to
these issues.

Affected: 2008.1, 2009.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:242
http://www.wireshark.org/security/wnpa-sec-2008-07.html

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5285
BugTraq ID: 32422
http://www.securityfocus.com/bid/32422
Bugtraq: 20081122 [SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack (Google Search)
http://www.securityfocus.com/archive/1/498562/100/0/threaded
Bugtraq: 20081211 rPSA-2008-0336-1 tshark wireshark (Google Search)
http://www.securityfocus.com/archive/1/499154/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:242
http://www.openwall.com/lists/oss-security/2008/11/24/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11351
http://www.redhat.com/support/errata/RHSA-2009-0313.html
http://www.securitytracker.com/id?1021275
http://secunia.com/advisories/32840
http://secunia.com/advisories/34144
http://securityreason.com/securityalert/4663
http://www.vupen.com/english/advisories/2008/3231

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.62940
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:242 (wireshark)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to wireshark announced via advisory MDVSA-2008:242. Two vulnerabilities were discovered in Wireshark. The first is a vulnerability in the SMTP dissector that could cause it to consume excessive CPU and memory via a long SMTP request (CVE-2008-5285). The second is an issue with the WLCCP dissector that could cause it to go into an infinite loop. This update also provides a patch to fix a potential freeze during capture interface selection. This update provides Wireshark 1.0.5, which is not vulnerable to these issues. Affected: 2008.1, 2009.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:242 http://www.wireshark.org/security/wnpa-sec-2008-07.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5285 BugTraq ID: 32422 http://www.securityfocus.com/bid/32422 Bugtraq: 20081122 [SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack (Google Search) http://www.securityfocus.com/archive/1/498562/100/0/threaded Bugtraq: 20081211 rPSA-2008-0336-1 tshark wireshark (Google Search) http://www.securityfocus.com/archive/1/499154/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:242 http://www.openwall.com/lists/oss-security/2008/11/24/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11351 http://www.redhat.com/support/errata/RHSA-2009-0313.html http://www.securitytracker.com/id?1021275 http://secunia.com/advisories/32840 http://secunia.com/advisories/34144 http://securityreason.com/securityalert/4663 http://www.vupen.com/english/advisories/2008/3231
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com