Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2009:292 (wireshark)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66184

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2009:292 (wireshark)

Resumen: The remote host is missing an update to wireshark;announced via advisory MDVSA-2009:292.

Descripción: Summary:
The remote host is missing an update to wireshark
announced via advisory MDVSA-2009:292.

Vulnerability Insight:
Vulnerabilities have been discovered and corrected in wireshark,
affecting DCERPC/NT dissector, which allows remote attackers to cause
a denial of service (NULL pointer dereference and application crash)
via a file that records a malformed packet trace (CVE-2009-3550), and
in wiretap/erf.c which allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a crafted
erf file (CVE-2009-3829).

The wireshark package has been updated to fix these vulnerabilities.

Affected: 2009.1, Corporate 4.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-3550
36846
http://www.securityfocus.com/bid/36846
37175
http://secunia.com/advisories/37175
37409
http://secunia.com/advisories/37409
37477
http://secunia.com/advisories/37477
ADV-2009-3061
http://www.vupen.com/english/advisories/2009/3061
DSA-1942
http://www.debian.org/security/2009/dsa-1942
http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html
http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html
http://www.wireshark.org/security/wnpa-sec-2009-07.html
http://www.wireshark.org/security/wnpa-sec-2009-08.html
oval:org.mitre.oval:def:10103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10103
oval:org.mitre.oval:def:6005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6005
wireshark-dcerpcnt-dos(54017)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54017
Common Vulnerability Exposure (CVE) ID: CVE-2009-3829
CERT/CC vulnerability note: VU#676492
http://www.kb.cert.org/vuls/id/676492
Debian Security Information: DSA-1942 (Google Search)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5979
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9945

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66184
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:292 (wireshark)
Resumen:	The remote host is missing an update to wireshark;announced via advisory MDVSA-2009:292.
Descripción:	Summary: The remote host is missing an update to wireshark announced via advisory MDVSA-2009:292. Vulnerability Insight: Vulnerabilities have been discovered and corrected in wireshark, affecting DCERPC/NT dissector, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace (CVE-2009-3550), and in wiretap/erf.c which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file (CVE-2009-3829). The wireshark package has been updated to fix these vulnerabilities. Affected: 2009.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3550 36846 http://www.securityfocus.com/bid/36846 37175 http://secunia.com/advisories/37175 37409 http://secunia.com/advisories/37409 37477 http://secunia.com/advisories/37477 ADV-2009-3061 http://www.vupen.com/english/advisories/2009/3061 DSA-1942 http://www.debian.org/security/2009/dsa-1942 http://www.wireshark.org/docs/relnotes/wireshark-1.0.10.html http://www.wireshark.org/docs/relnotes/wireshark-1.2.3.html http://www.wireshark.org/security/wnpa-sec-2009-07.html http://www.wireshark.org/security/wnpa-sec-2009-08.html oval:org.mitre.oval:def:10103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10103 oval:org.mitre.oval:def:6005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6005 wireshark-dcerpcnt-dos(54017) https://exchange.xforce.ibmcloud.com/vulnerabilities/54017 Common Vulnerability Exposure (CVE) ID: CVE-2009-3829 CERT/CC vulnerability note: VU#676492 http://www.kb.cert.org/vuls/id/676492 Debian Security Information: DSA-1942 (Google Search) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5979 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9945
Copyright	Copyright (C) 2009 E-Soft Inc.