ID de Prueba:	1.3.6.1.4.1.25623.1.0.69228
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:0369
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:0369. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in the Wireshark MAC-LTE dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0444) A heap-based buffer overflow flaw was found in the way Wireshark processed signaling traces generated by the Gammu utility on Nokia DCT3 phones running in Netmonitor mode. If Wireshark opened a specially-crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0713) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141) Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.2.15, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0369.html http://www.wireshark.org/security/wnpa-sec-2011-01.html http://www.wireshark.org/security/wnpa-sec-2011-03.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0444 BugTraq ID: 45775 http://www.securityfocus.com/bid/45775 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053650.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053669.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:007 https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676 http://osvdb.org/70403 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14283 http://www.redhat.com/support/errata/RHSA-2011-0369.html http://secunia.com/advisories/43175 http://www.vupen.com/english/advisories/2011/0079 http://www.vupen.com/english/advisories/2011/0104 http://www.vupen.com/english/advisories/2011/0270 http://www.vupen.com/english/advisories/2011/0719 XForce ISS Database: wireshark-maclte-bo(64624) https://exchange.xforce.ibmcloud.com/vulnerabilities/64624 Common Vulnerability Exposure (CVE) ID: CVE-2011-0538 1025148 http://www.securitytracker.com/id?1025148 43759 http://secunia.com/advisories/43759 43795 http://secunia.com/advisories/43795 43821 http://secunia.com/advisories/43821 46167 http://www.securityfocus.com/bid/46167 ADV-2011-0622 http://www.vupen.com/english/advisories/2011/0622 ADV-2011-0626 http://www.vupen.com/english/advisories/2011/0626 ADV-2011-0719 ADV-2011-0747 http://www.vupen.com/english/advisories/2011/0747 DSA-2201 http://www.debian.org/security/2011/dsa-2201 FEDORA-2011-2620 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html FEDORA-2011-2632 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html FEDORA-2011-2648 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html MDVSA-2011:044 http://www.mandriva.com/security/advisories?name=MDVSA-2011:044 RHSA-2011:0369 RHSA-2011:0370 http://www.redhat.com/support/errata/RHSA-2011-0370.html VU#215900 http://www.kb.cert.org/vuls/id/215900 [oss-security] 20110204 Wireshark: Freeing uninitialized pointer http://openwall.com/lists/oss-security/2011/02/04/1 http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html http://www.wireshark.org/security/wnpa-sec-2011-03.html http://www.wireshark.org/security/wnpa-sec-2011-04.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5652 https://bugzilla.redhat.com/show_bug.cgi?id=676232 oval:org.mitre.oval:def:14605 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14605 wireshark-pcap-code-execution(65182) https://exchange.xforce.ibmcloud.com/vulnerabilities/65182 Common Vulnerability Exposure (CVE) ID: CVE-2011-0713 46416 http://www.securityfocus.com/bid/46416 [oss-security] 20110216 wireshark dct3trace buffer overflow http://openwall.com/lists/oss-security/2011/02/16/13 http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953 https://bugzilla.redhat.com/show_bug.cgi?id=678198 oval:org.mitre.oval:def:14766 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14766 wireshark-nokiadct3-bo(65780) https://exchange.xforce.ibmcloud.com/vulnerabilities/65780 wireshark-visualc-bo(65460) https://exchange.xforce.ibmcloud.com/vulnerabilities/65460 Common Vulnerability Exposure (CVE) ID: CVE-2011-1139 CERT/CC vulnerability note: VU#215900 Debian Security Information: DSA-2201 (Google Search) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14997 http://secunia.com/advisories/44169 SuSE Security Announcement: openSUSE-SU-2011:0347 (Google Search) https://hermes.opensuse.org/messages/8086844 XForce ISS Database: wireshark-pcapng-dos(65779) https://exchange.xforce.ibmcloud.com/vulnerabilities/65779 Common Vulnerability Exposure (CVE) ID: CVE-2011-1140 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14715 Common Vulnerability Exposure (CVE) ID: CVE-2011-1141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14974
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.