Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51641
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2005:037
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2005:037.

Ethereal is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious packets
to trigger these flaws.

A flaw in the DICOM dissector could cause a crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-1139 to this issue.

A invalid RTP timestamp could hang Ethereal and create a large temporary
file, possibly filling available disk space. (CVE-2004-1140)

The HTTP dissector could access previously-freed memory, causing a crash.
(CVE-2004-1141)

An improperly formatted SMB packet could make Ethereal hang, maximizing CPU
utilization. (CVE-2004-1142)

The COPS dissector could go into an infinite loop. (CVE-2005-0006)

The DLSw dissector could cause an assertion, making Ethereal exit
prematurely. (CVE-2005-0007)

The DNP dissector could cause memory corruption. (CVE-2005-0008)

The Gnutella dissector could cause an assertion, making Ethereal exit
prematurely. (CVE-2005-0009)

The MMSE dissector could free static memory, causing a crash. (CVE-2005-0010)

The X11 protocol dissector is vulnerable to a string buffer overflow.
(CVE-2005-0084)

Users of Ethereal should upgrade to these updated packages which contain
version 0.10.9 that is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-037.html
http://www.ethereal.com/appnotes/enpa-sa-00016.html
http://www.ethereal.com/appnotes/enpa-sa-00017.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0084

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-1139
BugTraq ID: 11943
http://www.securityfocus.com/bid/11943
Computer Incident Advisory Center Bulletin: P-061
http://www.ciac.org/ciac/bulletins/p-061.shtml
Conectiva Linux advisory: CLA-2005:916
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
http://www.gentoo.org/security/en/glsa/glsa-200412-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:152
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11319
http://www.redhat.com/support/errata/RHSA-2005-037.html
http://secunia.com/advisories/13468/
XForce ISS Database: ethereal-dicom-dos(18484)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18484
Common Vulnerability Exposure (CVE) ID: CVE-2004-1140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10484
XForce ISS Database: Ethereal-rtp-dos(18485)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18485
Common Vulnerability Exposure (CVE) ID: CVE-2004-1141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9473
XForce ISS Database: ethereal-http-dissector-dos(18487)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18487
Common Vulnerability Exposure (CVE) ID: CVE-2004-1142
Debian Security Information: DSA-613 (Google Search)
http://www.debian.org/security/2004/dsa-613
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11278
XForce ISS Database: ethereal-smb-dos(18488)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18488
Common Vulnerability Exposure (CVE) ID: CVE-2005-0006
BugTraq ID: 12326
http://www.securityfocus.com/bid/12326
Computer Incident Advisory Center Bulletin: P-106
http://www.ciac.org/ciac/bulletins/p-106.shtml
http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10801
http://www.redhat.com/support/errata/RHSA-2005-011.html
http://secunia.com/advisories/13946/
XForce ISS Database: ethereal-cops-dos(18999)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18999
Common Vulnerability Exposure (CVE) ID: CVE-2005-0007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11381
XForce ISS Database: ethereal-dlsw-dos(19000)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19000
Common Vulnerability Exposure (CVE) ID: CVE-2005-0008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10689
XForce ISS Database: ethereal-dnp-memory-corruption(19001)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19001
Common Vulnerability Exposure (CVE) ID: CVE-2005-0009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10623
XForce ISS Database: ethereal-gnutella-dos(19002)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19002
Common Vulnerability Exposure (CVE) ID: CVE-2005-0010
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9521
XForce ISS Database: ethereal-mmse-free-memory(19003)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19003
Common Vulnerability Exposure (CVE) ID: CVE-2005-0084
Debian Security Information: DSA-653 (Google Search)
http://www.debian.org/security/2005/dsa-653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9140
XForce ISS Database: ethereal-x11-bo(19004)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19004
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.