Test ID:	1.3.6.1.4.1.25623.1.0.72064
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2011:164 (wireshark)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to wireshark announced via advisory MDVSA-2011:164. This advisory updates wireshark to the latest version (1.6.3), fixing several security issues: An uninitialized variable in the CSN.1 dissector could cause a crash (CVE-2011-4100). Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a NULL pointer (CVE-2011-4101). Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a buffer overflow in the ERF file reader (CVE-2011-4102). The updated packages have been upgraded to the latest 1.6.x version (1.6.3) which is not vulnerable to these issues. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:164 http://www.wireshark.org/security/wnpa-sec-2011-17.html http://www.wireshark.org/security/wnpa-sec-2011-18.html http://www.wireshark.org/security/wnpa-sec-2011-19.html Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4100 46644 http://secunia.com/advisories/46644 50479 http://www.securityfocus.com/bid/50479 76768 http://osvdb.org/76768 [oss-security] 20111101 Re: CVE request for wireshark flaws http://openwall.com/lists/oss-security/2011/11/01/9 http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140 http://www.wireshark.org/security/wnpa-sec-2011-17.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351 https://bugzilla.redhat.com/show_bug.cgi?id=750643 oval:org.mitre.oval:def:14833 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14833 wireshark-csn1-dissector-dos(71090) https://exchange.xforce.ibmcloud.com/vulnerabilities/71090 Common Vulnerability Exposure (CVE) ID: CVE-2011-4101 50481 http://www.securityfocus.com/bid/50481 76769 http://osvdb.org/76769 http://anonsvn.wireshark.org/viewvc?view=revision&revision=39500 http://www.wireshark.org/security/wnpa-sec-2011-18.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6476 https://bugzilla.redhat.com/show_bug.cgi?id=750645 oval:org.mitre.oval:def:14760 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14760 wireshark-infiniband-dissector-dos(71091) https://exchange.xforce.ibmcloud.com/vulnerabilities/71091 Common Vulnerability Exposure (CVE) ID: CVE-2011-4102 46913 http://secunia.com/advisories/46913 48947 http://secunia.com/advisories/48947 50486 http://www.securityfocus.com/bid/50486 76770 http://osvdb.org/76770 RHSA-2013:0125 http://rhn.redhat.com/errata/RHSA-2013-0125.html http://anonsvn.wireshark.org/viewvc?view=revision&revision=39508 http://www.wireshark.org/security/wnpa-sec-2011-19.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6479 https://bugzilla.redhat.com/show_bug.cgi?id=750648 oval:org.mitre.oval:def:15073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15073 wireshark-erf-bo(71092) https://exchange.xforce.ibmcloud.com/vulnerabilities/71092
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.