RHEL 2.1 : ethereal (RHSA-2002:291)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Ethereal packages are available which fix various security
issues.

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation
2.1.

Ethereal is a package designed for monitoring network traffic on your
system. Several security issues have been found in the Ethereal
packages distributed with Red Hat Linux Advanced Server 2.1.

Multiple errors involving signed integers in the BGP dissector in
Ethereal 0.9.7 and earlier allow remote attackers to cause a denial of
service (infinite loop) via malformed messages. This problem was
discovered by Silvio Cesare. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2002-1355 to this
issue.

Ethereal 0.9.7 and earlier allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via malformed
packets to the LMP, PPP, or TDS dissectors. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2002-1356 to this issue.

Users of Ethereal should update to the errata packages containing
Ethereal version 0.9.8, which is not vulnerable to these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-1355.html
https://www.redhat.com/security/data/cve/CVE-2002-1356.html
http://ethereal.archive.sunet.se/appnotes/enpa-sa-00007.html
http://rhn.redhat.com/errata/RHSA-2002-291.html

Solution :

Update the affected ethereal and / or ethereal-gnome packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12341

CVE ID: CVE-2002-1355, CVE-2002-1356