| Description: | Description:
The remote host is missing an update to ethereal
announced via advisory MDKSA-2004:024.
A number of serious issues have been discovered in versions of Ethereal
prior to 0.10.2. Stefan Esser discovered thirteen buffer overflows in
the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP dissectors.
Jonathan Heusser discovered that a carefully-crafted RADIUS packet
could cause Ethereal to crash. It was also found that a zero-length
Presentation protocol selector could make Ethereal crash. Finally, a
corrupt color filter file could cause a segmentation fault. It is
possible, through the exploitation of some of these vulnerabilities, to
cause Ethereal to crash or run arbitrary code by injecting a malicious,
malformed packet onto the wire, by convincing someone to read a
malformed packet trace file, or by creating a malformed color filter
file.
The updated packages bring Ethereal to version 0.10.3 which is not
vulnerable to these issues.
Affected versions: 9.1, 9.2
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-01767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0367
http://www.ethereal.com/appnotes/enpa-sa-00013.html
Risk factor : Medium
CVSS Score:
5.0
|
