
Test ID: 1.3.6.1.4.1.25623.1.0.67304
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2010:0360
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2010:0360.

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2
dissectors. If Wireshark read a malformed packet off a network or opened a
malicious dump file, it could crash or, possibly, execute arbitrary code as
the user running Wireshark. (CVE-2009-4377)

Several buffer overflow flaws were found in the Wireshark LWRES dissector.
If Wireshark read a malformed packet off a network or opened a malicious
dump file, it could crash or, possibly, execute arbitrary code as the user
running Wireshark. (CVE-2010-0304)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563,
CVE-2009-3550, CVE-2009-3829)

Users of Wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.11, and resolve these issues. All running instances
of Wireshark must be restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0360.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.wireshark.org/security/wnpa-sec-2009-05.html
http://www.wireshark.org/security/wnpa-sec-2009-08.html
http://www.wireshark.org/security/wnpa-sec-2010-01.html

Risk factor: Critical

CVSS Score: 9.3

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-2560
BugTraq ID: 35748
http://www.securityfocus.com/bid/35748
BugTraq ID: 36846
http://www.securityfocus.com/bid/36846
Debian Security Information: DSA-1942
http://www.debian.org/security/2009/dsa-1942
http://www.mandriva.com/security/advisories?name=MDVSA-2009:194
http://www.openwall.com/lists/oss-security/2009/07/22/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10403
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6416
http://secunia.com/advisories/35884
http://secunia.com/advisories/37175
http://secunia.com/advisories/37409
http://secunia.com/advisories/37477
http://www.vupen.com/english/advisories/2009/1970
http://www.vupen.com/english/advisories/2009/3061
XForce ISS Database: wireshark-radius-dissector-dos(54019)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54019
Common Vulnerability Exposure (CVE) ID: CVE-2009-2562
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3564
http://www.openwall.com/lists/oss-security/2009/09/18/2
http://www.openwall.com/lists/oss-security/2009/09/17/15
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5625
Common Vulnerability Exposure (CVE) ID: CVE-2009-2563
http://www.mandriva.com/security/advisories?name=MDVSA-2010:031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11210
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6321
Common Vulnerability Exposure (CVE) ID: CVE-2009-3550
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6005
XForce ISS Database: wireshark-dcerpcnt-dos(54017)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54017
Common Vulnerability Exposure (CVE) ID: CVE-2009-3829
CERT/CC vulnerability note: VU#676492
http://www.kb.cert.org/vuls/id/676492
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5979
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9945
Common Vulnerability Exposure (CVE) ID: CVE-2009-4377
BugTraq ID: 37407
http://www.securityfocus.com/bid/37407
Debian Security Information: DSA-1983
http://www.debian.org/security/2009/dsa-1983
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html
http://osvdb.org/61178
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9564
http://www.securitytracker.com/id?1023374
http://secunia.com/advisories/37842
http://secunia.com/advisories/37916
http://www.vupen.com/english/advisories/2009/3596
Common Vulnerability Exposure (CVE) ID: CVE-2010-0304
BugTraq ID: 37985
http://www.securityfocus.com/bid/37985
http://www.debian.org/security/2010/dsa-1983
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html
http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h
http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname
http://www.openwall.com/lists/oss-security/2010/01/29/4
http://osvdb.org/61987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8490
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9933
http://www.securitytracker.com/id?1023516
http://secunia.com/advisories/38257
http://secunia.com/advisories/38348
http://secunia.com/advisories/38829
http://www.vupen.com/english/advisories/2010/0239
XForce ISS Database: wireshark-lwres-bo(55951)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55951
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

© 1998-2021 E-Soft Inc. All rights reserved.