English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61684
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0890
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0890.

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,
CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,
CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)

Additionally, this update changes the default Pluggable Authentication
Modules (PAM) configuration to always prompt for the root password before
each start of Wireshark. This avoids unintentionally running Wireshark with
root privileges.

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.3, and resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0890.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.wireshark.org/docs/relnotes/
http://www.wireshark.org/security/

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1070
BugTraq ID: 28025
http://www.securityfocus.com/bid/28025
Bugtraq: 20080229 rPSA-2008-0092-1 tshark wireshark (Google Search)
http://www.securityfocus.com/archive/1/488967/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00140.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00228.html
http://security.gentoo.org/glsa/glsa-200803-32.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11378
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14995
http://www.redhat.com/support/errata/RHSA-2008-0890.html
http://www.securitytracker.com/id?1019515
http://secunia.com/advisories/29156
http://secunia.com/advisories/29188
http://secunia.com/advisories/29223
http://secunia.com/advisories/29242
http://secunia.com/advisories/29511
http://secunia.com/advisories/29736
http://secunia.com/advisories/32091
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://www.vupen.com/english/advisories/2008/0704
http://www.vupen.com/english/advisories/2008/2773
Common Vulnerability Exposure (CVE) ID: CVE-2008-1071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11633
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14784
Common Vulnerability Exposure (CVE) ID: CVE-2008-1072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10188
Common Vulnerability Exposure (CVE) ID: CVE-2008-1561
BugTraq ID: 28485
http://www.securityfocus.com/bid/28485
Bugtraq: 20080404 rPSA-2008-0138-1 tshark wireshark (Google Search)
http://www.securityfocus.com/archive/1/490487/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200805-05.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:091
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15089
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9315
http://www.securitytracker.com/id?1019728
http://secunia.com/advisories/29569
http://secunia.com/advisories/29622
http://secunia.com/advisories/29695
http://secunia.com/advisories/29971
SuSE Security Announcement: SUSE-SR:2008:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://www.vupen.com/english/advisories/2008/1007/references
XForce ISS Database: wireshark-roofnet-dissector-dos(41515)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41515
XForce ISS Database: wireshark-x509sat-dissector-dos(41514)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41514
Common Vulnerability Exposure (CVE) ID: CVE-2008-1562
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14549
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9318
XForce ISS Database: wireshark-ldap-dissector-dos(41516)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41516
Common Vulnerability Exposure (CVE) ID: CVE-2008-1563
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10238
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15074
XForce ISS Database: wireshark-sccp-dissector-dos(41517)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41517
Common Vulnerability Exposure (CVE) ID: CVE-2008-3137
BugTraq ID: 30020
http://www.securityfocus.com/bid/30020
Bugtraq: 20080703 rPSA-2008-0212-1 tshark wireshark (Google Search)
http://www.securityfocus.com/archive/1/493882/100/0/threaded
Debian Security Information: DSA-1673 (Google Search)
http://www.debian.org/security/2008/dsa-1673
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html
http://security.gentoo.org/glsa/glsa-200808-04.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10860
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15068
http://securitytracker.com/id?1020404
http://secunia.com/advisories/30886
http://secunia.com/advisories/30942
http://secunia.com/advisories/31085
http://secunia.com/advisories/31378
http://secunia.com/advisories/31687
http://secunia.com/advisories/32944
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.vupen.com/english/advisories/2008/1982/references
Common Vulnerability Exposure (CVE) ID: CVE-2008-3138
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14898
XForce ISS Database: wireshark-pana-kismet-dos(43519)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43519
Common Vulnerability Exposure (CVE) ID: CVE-2008-3141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11324
XForce ISS Database: wireshark-rmi-information-disclosure(43520)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43520
Common Vulnerability Exposure (CVE) ID: CVE-2008-3145
BugTraq ID: 30181
http://www.securityfocus.com/bid/30181
Bugtraq: 20080729 rPSA-2008-0237-1 tshark wireshark (Google Search)
http://www.securityfocus.com/archive/1/494859/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2008:152
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9020
http://securitytracker.com/id?1020471
http://secunia.com/advisories/31044
http://secunia.com/advisories/31257
http://www.vupen.com/english/advisories/2008/2057/references
XForce ISS Database: wireshark-packets-dos(43719)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43719
Common Vulnerability Exposure (CVE) ID: CVE-2008-3146
Bugtraq: 20080917 rPSA-2008-0278-1 tshark wireshark (Google Search)
http://www.securityfocus.com/archive/1/496487/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00715.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00713.html
http://security.gentoo.org/glsa/glsa-200809-17.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:199
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10624
http://www.securitytracker.com/id?1020819
http://secunia.com/advisories/31864
http://secunia.com/advisories/31886
http://secunia.com/advisories/32028
Common Vulnerability Exposure (CVE) ID: CVE-2008-3932
1020819
20080917 rPSA-2008-0278-1 tshark wireshark
31864
31886
32028
32091
ADV-2008-2493
http://www.vupen.com/english/advisories/2008/2493
ADV-2008-2773
FEDORA-2008-7894
FEDORA-2008-7936
GLSA-200809-17
MDVSA-2008:199
RHSA-2008:0890
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675
http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278
http://www.wireshark.org/security/wnpa-sec-2008-05.html
oval:org.mitre.oval:def:11273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11273
wireshark-ncp-dos(45309)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45309
Common Vulnerability Exposure (CVE) ID: CVE-2008-3933
32944
DSA-1673
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2649
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2682
oval:org.mitre.oval:def:9620
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9620
Common Vulnerability Exposure (CVE) ID: CVE-2008-3934
oval:org.mitre.oval:def:15087
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15087
oval:org.mitre.oval:def:9920
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9920
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.