This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated Ethereal packages that fix various security vulnerabilities
are now available.
Ethereal is a program for monitoring network traffic.
A number of security flaws have been discovered in Ethereal. On a
system where Ethereal is running, a remote attacker could send
malicious packets to trigger these flaws.
A flaw in the DICOM dissector could cause a crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1139 to this issue.
A invalid RTP timestamp could hang Ethereal and create a large
temporary file, possibly filling available disk space. (CVE-2004-1140)
The HTTP dissector could access previously-freed memory, causing a
An improperly formatted SMB packet could make Ethereal hang,
maximizing CPU utilization. (CVE-2004-1142)
The COPS dissector could go into an infinite loop. (CVE-2005-0006)
The DLSw dissector could cause an assertion, making Ethereal exit
The DNP dissector could cause memory corruption. (CVE-2005-0008)
The Gnutella dissector could cause an assertion, making Ethereal exit
The MMSE dissector could free static memory, causing a crash.
The X11 protocol dissector is vulnerable to a string buffer overflow.
Users of Ethereal should upgrade to these updated packages which
contain version 0.10.9 that is not vulnerable to these issues.
See also :
Update the affected ethereal and / or ethereal-gnome packages.
Risk factor :
High / CVSS Base Score : 7.5