| Description: | Summary:
The remote host is missing an update for the 'wireshark'
package(s) announced via the referenced advisory.
Vulnerability Insight:
This advisory updates wireshark to the latest version (1.2.16),
fixing several security issues:
The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x
before 1.4.5 does not properly initialize certain global variables,
which allows remote attackers to cause a denial of service (application
crash) via a crafted .pcap file (CVE-2011-1590).
Stack-based buffer overflow in the DECT dissector in
epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows
remote attackers to execute arbitrary code via a crafted .pcap file
(CVE-2011-1591).
The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x
before 1.4.5 on Windows uses an incorrect integer data type during
decoding of SETCLIENTID calls, which allows remote attackers to cause
a denial of service (application crash) via a crafted .pcap file
(CVE-2011-1592).
The updated packages have been upgraded to the latest 1.2.x version
(1.2.16) which is not vulnerable to these issues.
Affected Software/OS:
wireshark on Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64
Solution:
Please Install the Updated Packages.
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
