Test ID: 1.3.6.1.4.1.25623.1.0.57356
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1171)
Summary: The remote host is missing an update for the Debian 'ethereal' package(s) announced via the DSA-1171 advisory.
Description:

Vulnerability Insight:
Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4333

It was discovered that the Q.2391 dissector is vulnerable to denial of service caused by memory exhaustion.

CVE-2005-3241

It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are vulnerable to denial of service caused by memory exhaustion.

CVE-2005-3242

It was discovered that the IrDA and SMB dissectors are vulnerable to denial of service caused by memory corruption.

CVE-2005-3243

It was discovered that the SLIMP3 and AgentX dissectors are vulnerable to code injection caused by buffer overflows.

CVE-2005-3244

It was discovered that the BER dissector is vulnerable to denial of service caused by an infinite loop.

CVE-2005-3246

It was discovered that the NCP and RTnet dissectors are vulnerable to denial of service caused by a null pointer dereference.

CVE-2005-3248

It was discovered that the X11 dissector is vulnerable to denial of service caused by a division by zero.

This update also fixes a 64-bit-specific regression in the ASN.1 decoder, which was introduced in a previous DSA.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge8.

For the unstable distribution (sid) these problems have been fixed in version 0.99.2-5.1 of wireshark, the network sniffer formerly known as ethereal.

We recommend that you upgrade your ethereal packages.

Affected Software/OS:
'ethereal' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-3241
1015082
http://securitytracker.com/id?1015082
15148
http://www.securityfocus.com/bid/15148
17254
http://secunia.com/advisories/17254
17286
http://secunia.com/advisories/17286
17327
http://secunia.com/advisories/17327
17377
http://secunia.com/advisories/17377
17392
http://secunia.com/advisories/17392
17480
http://secunia.com/advisories/17480
20121
http://www.osvdb.org/20121
20122
http://www.osvdb.org/20122
20123
http://www.osvdb.org/20123
20124
http://www.osvdb.org/20124
21813
http://secunia.com/advisories/21813
DSA-1171
http://www.debian.org/security/2006/dsa-1171
FLSA-2006:152922
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
GLSA-200510-25
http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml
RHSA-2005:809
http://www.redhat.com/support/errata/RHSA-2005-809.html
SUSE-SR:2005:025
http://www.novell.com/linux/security/advisories/2005_25_sr.html
http://www.ethereal.com/appnotes/enpa-sa-00021.html
oval:org.mitre.oval:def:10582
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10582
Common Vulnerability Exposure (CVE) ID: CVE-2005-3242
20125
http://www.osvdb.org/20125
20133
http://www.osvdb.org/20133
oval:org.mitre.oval:def:10558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10558
Common Vulnerability Exposure (CVE) ID: CVE-2005-3243
20126
http://www.osvdb.org/20126
20135
http://www.osvdb.org/20135
http://www.frsirt.com/exploits/20051020.ethereal_slimp3_bof.py.php
oval:org.mitre.oval:def:9836
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9836
Common Vulnerability Exposure (CVE) ID: CVE-2005-3244
20127
http://www.osvdb.org/20127
oval:org.mitre.oval:def:9665
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9665
Common Vulnerability Exposure (CVE) ID: CVE-2005-3246
20128
http://www.osvdb.org/20128
20130
http://www.osvdb.org/20130
20131
http://www.osvdb.org/20131
oval:org.mitre.oval:def:10303
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10303
Common Vulnerability Exposure (CVE) ID: CVE-2005-3248
20134
http://www.osvdb.org/20134
oval:org.mitre.oval:def:11002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11002
Common Vulnerability Exposure (CVE) ID: CVE-2005-3249
20136
http://www.osvdb.org/20136
oval:org.mitre.oval:def:9313
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9313
Common Vulnerability Exposure (CVE) ID: CVE-2006-4333
1016736
http://securitytracker.com/id?1016736
19690
http://www.securityfocus.com/bid/19690
20060825 rPSA-2006-0158-1 tshark wireshark
http://www.securityfocus.com/archive/1/444323/100/0/threaded
21597
http://secunia.com/advisories/21597
21619
http://secunia.com/advisories/21619
21649
http://secunia.com/advisories/21649
21682
http://secunia.com/advisories/21682
21885
http://secunia.com/advisories/21885
22378
http://secunia.com/advisories/22378
ADV-2006-3370
http://www.vupen.com/english/advisories/2006/3370
GLSA-200608-26
http://security.gentoo.org/glsa/glsa-200608-26.xml
MDKSA-2006:152
http://www.mandriva.com/security/advisories?name=MDKSA-2006:152
RHSA-2006:0658
http://www.redhat.com/support/errata/RHSA-2006-0658.html
VU#696896
http://www.kb.cert.org/vuls/id/696896
http://support.avaya.com/elmodocs2/security/ASA-2006-227.htm
http://www.wireshark.org/security/wnpa-sec-2006-02.html
https://issues.rpath.com/browse/RPL-597
oval:org.mitre.oval:def:11801
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11801
wireshark-esp-offbyone(28553)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28553
wireshark-sscop-dos(28556)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28556
Copyright: Copyright (C) 2008 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.