 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50337 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 1 FEDORA-2004-219 (ethereal) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to ethereal announced via advisory FEDORA-2004-219. Ethereal is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package. Update Information: Issues have been discovered in the following protocol dissectors: * The iSNS dissector could make Ethereal abort in some cases. (0.10.3 - 0.10.4) CVE-2004-0633 * SMB SID snooping could crash if there was no policy name for a handle. (0.9.15 - 0.10.4) CVE-2004-0634 * The SNMP dissector could crash due to a malformed or missing community string. (0.8.15 - 0.10.4) CVE-2004-0635 Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution: Upgrade to 0.10.5. If you are running a version prior to 0.10.5 and you cannot upgrade, you can disable all of the protocol dissectors listed above by selecting Analyze->Enabled Protocols... and deselecting them from the list. For SMB, you can alternatively disable SID snooping in the SMB protocol preferences. However, it is strongly recommended that you upgrade to 0.10.5. * Fri Jul 09 2004 Phil Knirsch - Update to ethereal-0.10.5 for various security bugfixes. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 9751b92c7bdefaaf6745b034c8e3204e SRPMS/ethereal-0.10.5-0.1.1.src.rpm 34c62134a742a1fce28a37266f0a8e7c x86_64/ethereal-0.10.5-0.1.1.x86_64.rpm b002b7b82e68596c972c062b3ad95f9e x86_64/ethereal-gnome-0.10.5-0.1.1.x86_64.rpm 4710db2e7d93cf0e9e7ddb3d4ab20d4b x86_64/debug/ethereal-debuginfo-0.10.5-0.1.1.x86_64.rpm ecc5eab62824dc34c8de6c4f12a8b8bf i386/ethereal-0.10.5-0.1.1.i386.rpm 1c5004476fe460260699f713cee0ca3a i386/ethereal-gnome-0.10.5-0.1.1.i386.rpm ae8b276396b0312aa29d032b5f24fd2a i386/debug/ethereal-debuginfo-0.10.5-0.1.1.i386.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-219.shtml Risk factor : Medium CVSS Score: 5.0 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0633 CERT/CC vulnerability note: VU#829422 http://www.kb.cert.org/vuls/id/829422 Conectiva Linux advisory: CLA-2005:916 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00013.html http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00014.html http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9931 http://www.redhat.com/support/errata/RHSA-2004-378.html http://securitytracker.com/id?1010655 http://secunia.com/advisories/12024 XForce ISS Database: ethereal-isns-dos(16630) https://exchange.xforce.ibmcloud.com/vulnerabilities/16630 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |