This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated Ethereal packages that fix various security vulnerabilities
are now available.
Ethereal is a program for monitoring network traffic.
Stefan Esser reported that Ethereal versions 0.10.1 and earlier
contain stack overflows in the IGRP, PGM, Metflow, ISUP, TCAP, or IGAP
dissectors. On a system where Ethereal is being run a remote attacker
could send malicious packets that could cause Ethereal to crash or
execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0176 to this
Jonathan Heussser discovered that a carefully-crafted RADIUS packet
could cause a crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0365 to this issue.
Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of
service (crash) via a zero-length Presentation protocol selector. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0367 to this issue.
Users of Ethereal should upgrade to these updated packages, which
contain a version of Ethereal that is not vulnerable to these issues.
See also :
Update the affected ethereal and / or ethereal-gnome packages.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12482 ()
CVE ID: CVE-2004-0176CVE-2004-0365CVE-2004-0367CVE-2004-1761
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.