Test ID:	1.3.6.1.4.1.25623.1.0.50549
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2004:067 (ethereal)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to ethereal announced via advisory MDKSA-2004:067. Three vulnerabilities were discovered in Ethereal versions prior to 0.10.5 in the iSNS, SMB SID, and SNMP dissectors. It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet into the wire or by convincing someone to read a malformed packet trace file. These vulnerabilities have been corrected in Ethereal 0.10.5. Affected versions: 10.0, 9.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:067 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0635 http://www.ethereal.com/appnotes/enpa-sa-00015.html Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0633 CERT/CC vulnerability note: VU#829422 http://www.kb.cert.org/vuls/id/829422 Conectiva Linux advisory: CLA-2005:916 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00013.html http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00014.html http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9931 http://www.redhat.com/support/errata/RHSA-2004-378.html http://securitytracker.com/id?1010655 http://secunia.com/advisories/12024 XForce ISS Database: ethereal-isns-dos(16630) https://exchange.xforce.ibmcloud.com/vulnerabilities/16630 Common Vulnerability Exposure (CVE) ID: CVE-2004-0634 CERT/CC vulnerability note: VU#518782 http://www.kb.cert.org/vuls/id/518782 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10252 XForce ISS Database: ethereal-smb-sid-dos(16631) https://exchange.xforce.ibmcloud.com/vulnerabilities/16631 Common Vulnerability Exposure (CVE) ID: CVE-2004-0635 CERT/CC vulnerability note: VU#835846 http://www.kb.cert.org/vuls/id/835846 Debian Security Information: DSA-528 (Google Search) http://www.debian.org/security/2004/dsa-528 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9721 XForce ISS Database: ethereal-snmp-community-dos(16632) https://exchange.xforce.ibmcloud.com/vulnerabilities/16632
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.