Description:
The remote host is missing an update to ethereal announced via advisory MDKSA-2005:193-1.
Ethereal 0.10.13 is now available fixing a number of security vulnerabilities in various dissectors:
- the ISAKMP dissector could exhaust system memory
- the FC-FCS dissector could exhaust system memory
- the RSVP dissector could exhaust system memory
- the ISIS LSP dissector could exhaust system memory
- the IrDA dissector could crash
- the SLIMP3 dissector could overflow a buffer
- the BER dissector was susceptible to an infinite loop
- the SCSI dissector could dereference a null pointer and crash
- the sFlow dissector could dereference a null pointer and crash
- the RTnet dissector could dereference a null pointer and crash
- the SigComp UDVM could go into an infinite loop or crash
- the X11 dissector could attempt to divide by zero
- if SMB transaction payload reassembly is enabled, the SMB dissector could crash (by default this is disabled)
- if the "Dissect unknown RPC program numbers" option was enabled, the ONC RPC dissector might be able to exhaust system memory (by default this is disabled)
- the AgentX dissector could overflow a buffer
- the WSP dissector could free an invalid pointer
- iDEFENSE discovered a buffer overflow in the SRVLOC dissector
The new version of Ethereal is provided and corrects all of these issues.
Update:
An infinite loop in the IRC dissector was also discovered and fixed after the 0.10.13 release. The updated packages include the fix.
Affected: 10.2, 2006.0
Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:193-1
http://www.ethereal.com/appnotes/enpa-sa-00021.html
Risk factor : Critical
CVSS Score: 10.0