This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated Ethereal packages that fix various security vulnerabilities
are now available.
Ethereal is a program for monitoring network traffic.
Stefan Esser reported that Ethereal versions 0.10.1 and earlier
contain stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP
dissectors. On a system where Ethereal is being run a remote attacker
could send malicious packets that could cause Ethereal to crash or
execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0176 to this
Jonathan Heussser discovered that a carefully-crafted RADIUS packet
could cause a crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0365 to this issue.
Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of
service (crash) via a zero-length Presentation protocol selector. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0367 to this issue.
Users of Ethereal should upgrade to these updated packages, which
contain a version of Ethereal that is not vulnerable to these issues.
See also :
Update the affected ethereal and / or ethereal-gnome packages.
Risk factor :
Medium / CVSS Base Score : 5.0