
Test ID: 1.3.6.1.4.1.25623.1.0.57164
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1127)
Summary: The remote host is missing an update for the Debian 'ethereal' package(s) announced via the DSA-1127 advisory.
Description:

Vulnerability Insight:
Several remote vulnerabilities have been discovered in the Ethereal network sniffer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-3628

Ilja van Sprundel discovered that the FW-1 and MQ dissectors are vulnerable to format string attacks.

CVE-2006-3629

Ilja van Sprundel discovered that the MOUNT dissector is vulnerable to denial of service through memory exhaustion.

CVE-2006-3630

Ilja van Sprundel discovered off-by-one overflows in the NCP NMAS and NDPS dissectors.

CVE-2006-3631

Ilja van Sprundel discovered a buffer overflow in the NFS dissector.

CVE-2006-3632

Ilja van Sprundel discovered that the SSH dissector is vulnerable to denial of service through an infinite loop.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge6.

For the unstable distribution (sid) these problems have been fixed in version 0.99.2-1 of wireshark, the sniffer formerly known as ethereal.

We recommend that you upgrade your ethereal packages.

Affected Software/OS:
'ethereal' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-3628
1016532
http://securitytracker.com/id?1016532
19051
http://www.securityfocus.com/bid/19051
20060719 rPSA-2006-0132-1 tshark wireshark
http://www.securityfocus.com/archive/1/440576/100/0/threaded
20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
21078
http://secunia.com/advisories/21078
21107
http://secunia.com/advisories/21107
21121
http://secunia.com/advisories/21121
21204
http://secunia.com/advisories/21204
21249
http://secunia.com/advisories/21249
21467
http://secunia.com/advisories/21467
21488
http://secunia.com/advisories/21488
21598
http://secunia.com/advisories/21598
22089
http://secunia.com/advisories/22089
27362
http://www.osvdb.org/27362
27363
http://www.osvdb.org/27363
27364
http://www.osvdb.org/27364
27369
http://www.osvdb.org/27369
ADV-2006-2850
http://www.vupen.com/english/advisories/2006/2850
DSA-1127
http://www.debian.org/security/2006/dsa-1127
GLSA-200607-09
http://security.gentoo.org/glsa/glsa-200607-09.xml
MDKSA-2006:128
http://www.mandriva.com/security/advisories?name=MDKSA-2006:128
RHSA-2006:0602
http://rhn.redhat.com/errata/RHSA-2006-0602.html
SUSE-SR:2006:020
http://www.novell.com/linux/security/advisories/2006_20_sr.html
http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm
http://www.wireshark.org/security/wnpa-sec-2006-01.html
https://issues.rpath.com/browse/RPL-512
oval:org.mitre.oval:def:9175
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9175
wireshark-ansimap-format-string(27822)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27822
wireshark-cpfw1-format-string(27823)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27823
wireshark-mq-format-string(27824)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27824
wireshark-ntp-format-string(27828)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27828
wireshark-xml-format-string(27825)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27825
Common Vulnerability Exposure (CVE) ID: CVE-2006-3629
27365
http://www.osvdb.org/27365
oval:org.mitre.oval:def:10492
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10492
wireshark-mount-dos(27826)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27826
Common Vulnerability Exposure (CVE) ID: CVE-2006-3630
27366
http://www.osvdb.org/27366
27367
http://www.osvdb.org/27367
27368
http://www.osvdb.org/27368
oval:org.mitre.oval:def:11350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11350
wireshark-nmas-ndps-offbyone(27827)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27827
Common Vulnerability Exposure (CVE) ID: CVE-2006-3631
27370
http://www.osvdb.org/27370
oval:org.mitre.oval:def:11476
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11476
wireshark-ssh-dos(27829)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27829
Common Vulnerability Exposure (CVE) ID: CVE-2006-3632
27371
http://www.osvdb.org/27371
oval:org.mitre.oval:def:9468
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9468
wireshark-nfs-bo(27830)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27830
Copyright: Copyright (C) 2008 Greenbone AG
