
Test ID: 1.3.6.1.4.1.25623.1.0.58444
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1322-1)
Summary: The remote host is missing an update for the Debian 'wireshark' package(s) announced via the DSA-1322-1 advisory.
Description:

Vulnerability Insight:
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3390

Off-by-one overflows were discovered in the iSeries dissector.

CVE-2007-3392

The MMS and SSL dissectors could be forced into an infinite loop.

CVE-2007-3393

An off-by-one overflow was discovered in the DHCP/BOOTP dissector.

The oldstable distribution (sarge) is not affected by these problems. (In sarge, Wireshark used to be called Ethereal.)

For the stable distribution (etch) these problems have been fixed in version 0.99.4-5.etch.0. Packages for the big endian MIPS architecture are not yet available. They will be provided later.

For the unstable distribution (sid) these problems have been fixed in version 0.99.6pre1-1.

We recommend that you upgrade your Wireshark packages.

Affected Software/OS:
'wireshark' package(s) on Debian 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-3390
BugTraq ID: 24662
http://www.securityfocus.com/bid/24662
Debian Security Information: DSA-1322
http://www.debian.org/security/2007/dsa-1322
http://security.gentoo.org/glsa/glsa-200708-12.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:145
http://osvdb.org/37642
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10865
http://www.redhat.com/support/errata/RHSA-2007-0709.html
http://www.redhat.com/support/errata/RHSA-2007-0710.html
http://www.redhat.com/support/errata/RHSA-2008-0059.html
http://www.securitytracker.com/id?1018315
http://secunia.com/advisories/25833
http://secunia.com/advisories/25877
http://secunia.com/advisories/25987
http://secunia.com/advisories/26004
http://secunia.com/advisories/26499
http://secunia.com/advisories/28583
SuSE Security Announcement: SUSE-SR:2007:015
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.vupen.com/english/advisories/2007/2353
XForce ISS Database: wireshark-iseries-dos(35205)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35205
Common Vulnerability Exposure (CVE) ID: CVE-2007-3392
Bugtraq: 20070814 WireShark MMS Remote Denial of Service vulnerability
http://www.securityfocus.com/archive/1/476468/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10663
XForce ISS Database: wireshark-sslmms-dos(35203)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35203
Common Vulnerability Exposure (CVE) ID: CVE-2007-3393
http://osvdb.org/37639
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11010
http://secunia.com/advisories/22588/
XForce ISS Database: wireshark-dhcpbootp-dos(35113)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35113
Copyright: Copyright (C) 2008 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.