English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75803 CVE descriptions
and 40037 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51099
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2004:002
Summary:Redhat Security Advisory RHSA-2004:002
Description:
The remote host is missing updates announced in
advisory RHSA-2004:002.

Ethereal is a program for monitoring network traffic.

Two security issues have been found that affect Ethereal. By exploiting
these issues it may be possible to make Ethereal crash by injecting an
intentionally malformed packet onto the wire or by convincing someone to
read a malformed packet trace file. It is not known if these issues could
allow arbitrary code execution.

The SMB dissector in Ethereal before 0.10.0 allows remote attackers to
cause a denial of service via a malformed SMB packet that triggers a
segmentation fault during processing of Selected packets. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2003-1012 to this issue.

The Q.931 dissector in Ethereal before 0.10.0 allows remote attackers to
cause a denial of service (crash) via a malformed Q.931, which triggers a
null dereference. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-1013 to this issue.

Users of Ethereal should update to these erratum packages containing
Ethereal version 0.10.0, which is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-002.html
http://www.ethereal.com/appnotes/enpa-sa-00012.html

Risk factor : Medium
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2003-1012
Debian Security Information: DSA-407 (Google Search)
http://www.debian.org/security/2004/dsa-407
http://www.redhat.com/support/errata/RHSA-2004-001.html
http://www.redhat.com/support/errata/RHSA-2004-002.html
Conectiva Linux advisory: CLA-2004:801
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801
http://www.mandriva.com/security/advisories?name=MDKSA-2004:002
SGI Security Advisory: 20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:856
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10202
http://secunia.com/advisories/10531
http://secunia.com/advisories/10568
http://secunia.com/advisories/10570
Common Vulnerability Exposure (CVE) ID: CVE-2003-1013
http://www.debian.org/security/2003/dsa-407
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:857
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10097
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 40037 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.