RHEL 2.1 / 3 : ethereal (RHSA-2004:378)

medium Nessus Plugin ID 14215

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated Ethereal packages that fix various security vulnerabilities are now available.

Ethereal is a program for monitoring network traffic.

The SNMP dissector in Ethereal releases 0.8.15 through 0.10.4 contained a memory read flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0635 to this issue.

The SMB dissector in Ethereal releases 0.9.15 through 0.10.4 contained a NULL pointer flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0634 to this issue.

The iSNS dissector in Ethereal releases 0.10.3 through 0.10.4 contained an integer overflow flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0633 to this issue.

Users of Ethereal should upgrade to these updated packages, which contain a version that is not vulnerable to these issues.

Solution

Update the affected ethereal and / or ethereal-gnome packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0633

https://access.redhat.com/security/cve/cve-2004-0634

https://access.redhat.com/security/cve/cve-2004-0635

http://ethereal.archive.sunet.se/appnotes/enpa-sa-00015.html

https://access.redhat.com/errata/RHSA-2004:378

Plugin Details

Severity: Medium

ID: 14215

File Name: redhat-RHSA-2004-378.nasl

Version: 1.33

Type: local

Agent: unix

Published: 8/5/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ethereal, p-cpe:/a:redhat:enterprise_linux:ethereal-gnome, cpe:/o:redhat:enterprise_linux:2.1, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 9/28/2004

Vulnerability Publication Date: 12/6/2004

Reference Information

CVE: CVE-2004-0633, CVE-2004-0634, CVE-2004-0635

RHSA: 2004:378