| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2005:011.
Ethereal is a program for monitoring network traffic.
A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious packets
to trigger these flaws.
A flaw in the DICOM dissector could cause a crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-1139 to this issue.
A invalid RTP timestamp could hang Ethereal and create a large temporary
file, possibly filling available disk space. (CVE-2004-1140)
The HTTP dissector could access previously-freed memory, causing a crash.
(CVE-2004-1141)
An improperly formatted SMB packet could make Ethereal hang, maximizing CPU
utilization. (CVE-2004-1142)
The COPS dissector could go into an infinite loop. (CVE-2005-0006)
The DLSw dissector could cause an assertion, making Ethereal exit
prematurely. (CVE-2005-0007)
The DNP dissector could cause memory corruption. (CVE-2005-0008)
The Gnutella dissector could cause an assertion, making Ethereal exit
prematurely. (CVE-2005-0009)
The MMSE dissector could free static memory, causing a crash. (CVE-2005-0010)
The X11 protocol dissector is vulnerable to a string buffer overflow.
(CVE-2005-0084)
Users of Ethereal should upgrade to these updated packages which contain
version 0.10.9 that is not vulnerable to these issues.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2005-011.html
http://www.ethereal.com/appnotes/enpa-sa-00016.html
http://www.ethereal.com/appnotes/enpa-sa-00017.html
Risk factor : Medium
CVSS Score:
5.0
|
