Detections
Analytics

Fedora Core 3 : ethereal-0.10.13-1.FC3.1 (2005-1008)

high Nessus Plugin ID 20074

Synopsis

The remote Fedora Core host is missing a security update.

Description

Ethereal 0.10.13 is scheduled to be released, which fixes the following issues :

The ISAKMP dissector could exhaust system memory. (CVE-2005-3241) Fixed in: r15163 Bug IDs: none Versions affected: 0.10.11 to 0.10.12.

The FC-FCS dissector could exhaust system memory.
(CVE-2005-3241) Fixed in: r15204 Bug IDs: 312 Versions affected: 0.9.0 to 0.10.12.

The RSVP dissector could exhaust system memory.
(CVE-2005-3241) Fixed in: r15206, r15600 Bug IDs: 311, 314, 382 Versions affected: 0.9.4 to 0.10.12.

The ISIS LSP dissector could exhaust system memory.
(CVE-2005-3241) Fixed in: r15245 Bug IDs: 320, 326 Versions affected: 0.8.18 to 0.10.12.

The IrDA dissector could crash. (CVE-2005-3242) Fixed in:
r15265, r15267 Bug IDs: 328, 329, 330, 334, 335, 336 Versions affected: 0.10.0 to 0.10.12.

The SLIMP3 dissector could overflow a buffer.
(CVE-2005-3243) Fixed in: r15279 Bug IDs: 327 Versions affected: 0.9.1 to 0.10.12.

The BER dissector was susceptible to an infinite loop.
(CVE-2005-3244) Fixed in: r15292 Bug IDs: none Versions affected: 0.10.3 to 0.10.12.

The SCSI dissector could dereference a NULL pointer and crash. (CVE-2005-3246) Fixed in: r15289 Bug IDs: none Versions affected: 0.10.3 to 0.10.12.

If the 'Dissect unknown RPC program numbers' option was enabled, the ONC RPC dissector might be able to exhaust system memory. This option is disabled by default.
(CVE-2005-3245) Fixed in: r15290 Bug IDs: none Versions affected: 0.7.7 to 0.10.12.

The sFlow dissector could dereference a NULL pointer and crash (CVE-2005-3246) Fixed in: r15375 Bug IDs: 356 Versions affected: 0.9.14 to 0.10.12.

The RTnet dissector could dereference a NULL pointer and crash (CVE-2005-3246) Fixed in: r15673 Bug IDs: none Versions affected: 0.10.8 to 0.10.12.

The SigComp UDVM could go into an infinite loop or crash.
(CVE-2005-3247) Fixed in: r15715, r15901, r15919 Bug IDs:
none Versions affected: 0.10.12.

If SMB transaction payload reassembly is enabled the SMB dissector could crash. This preference is disabled by default. (CVE-2005-3242) Fixed in: r15789 Bug IDs: 421 Versions affected: 0.9.7 to 0.10.12.

The X11 dissector could attempt to divide by zero.
(CVE-2005-3248) Fixed in: r15927 Bug IDs: none Versions affected: 0.10.1 to 0.10.12.

The AgentX dissector could overflow a buffer.
(CVE-2005-3243) Fixed in: r16003 Bug IDs: none Versions affected: 0.10.10 to 0.10.12.

The WSP dissector could free an invalid pointer.
(CVE-2005-3249) Fixed in: r16220 Bug IDs: none Versions affected: 0.10.1 to 0.10.12.

iDEFENSE found a buffer overflow in the SRVLOC dissector.
(CVE-2005-3184) Fixed in: r16206 Bug IDs: none Versions affected: 0.10.0 to 0.10.12.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected ethereal, ethereal-debuginfo and / or ethereal-gnome packages.

See Also

http://www.nessus.org/u?2e8ffd90

Plugin Details

Severity: High

ID: 20074

File Name: fedora_2005-1008.nasl

Version: 1.15

Type: local

Agent: unix

Published: 10/24/2005

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:ethereal, p-cpe:/a:fedoraproject:fedora:ethereal-debuginfo, p-cpe:/a:fedoraproject:fedora:ethereal-gnome, cpe:/o:fedoraproject:fedora_core:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 10/20/2005

Reference Information

FEDORA: 2005-1008