Test ID:	1.3.6.1.4.1.25623.1.0.57347
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2006:0658
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2006:0658. Wireshark is a program for monitoring network traffic. Bugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4330, CVE-2006-4333) An off-by-one bug was found in the IPsec ESP decryption preference parser. Ethereal could crash or stop responding if it read a malformed packet off the network. (CVE-2006-4331) Users of Wireshark or Ethereal should upgrade to these updated packages containing Wireshark version 0.99.3, which is not vulnerable to these issues. These packages also fix a bug in the PAM configuration of the Wireshark packages which prevented non-root users starting a capture. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0658.html http://www.wireshark.org/security/wnpa-sec-2006-02.html http://www.wireshark.org/faq.html#q1.2 http://www.redhat.com/security/updates/classification/#low Risk factor : High CVSS Score: 5.4
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4330 1016736 http://securitytracker.com/id?1016736 19690 http://www.securityfocus.com/bid/19690 20060825 rPSA-2006-0158-1 tshark wireshark http://www.securityfocus.com/archive/1/444323/100/0/threaded 21597 http://secunia.com/advisories/21597 21619 http://secunia.com/advisories/21619 21649 http://secunia.com/advisories/21649 21682 http://secunia.com/advisories/21682 21885 http://secunia.com/advisories/21885 22378 http://secunia.com/advisories/22378 ADV-2006-3370 http://www.vupen.com/english/advisories/2006/3370 GLSA-200608-26 http://security.gentoo.org/glsa/glsa-200608-26.xml MDKSA-2006:152 http://www.mandriva.com/security/advisories?name=MDKSA-2006:152 RHSA-2006:0658 http://www.redhat.com/support/errata/RHSA-2006-0658.html VU#808832 http://www.kb.cert.org/vuls/id/808832 http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm http://www.wireshark.org/security/wnpa-sec-2006-02.html https://issues.rpath.com/browse/RPL-597 oval:org.mitre.oval:def:14684 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14684 oval:org.mitre.oval:def:9869 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9869 wireshark-esp-offbyone(28553) https://exchange.xforce.ibmcloud.com/vulnerabilities/28553 wireshark-scsi-dos(28550) https://exchange.xforce.ibmcloud.com/vulnerabilities/28550 Common Vulnerability Exposure (CVE) ID: CVE-2006-4331 VU#638376 http://www.kb.cert.org/vuls/id/638376 oval:org.mitre.oval:def:10125 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10125 oval:org.mitre.oval:def:14587 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14587 Common Vulnerability Exposure (CVE) ID: CVE-2006-4333 21813 http://secunia.com/advisories/21813 DSA-1171 http://www.debian.org/security/2006/dsa-1171 VU#696896 http://www.kb.cert.org/vuls/id/696896 oval:org.mitre.oval:def:11801 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11801 wireshark-sscop-dos(28556) https://exchange.xforce.ibmcloud.com/vulnerabilities/28556
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.