RHEL 2.1 / 3 / 4 : ethereal (RHSA-2006:0156)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Ethereal packages that fix various security vulnerabilities
are now available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

Ethereal is a program for monitoring network traffic.

Two denial of service bugs were found in Ethereal's IRC and GTP
protocol dissectors. Ethereal could crash or stop responding if it
reads a malformed IRC or GTP packet off the network. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the
names CVE-2005-3313 and CVE-2005-4585 to these issues.

A buffer overflow bug was found in Ethereal's OSPF protocol dissector.
Ethereal could crash or execute arbitrary code if it reads a malformed
OSPF packet off the network. (CVE-2005-3651)

Users of ethereal should upgrade to these updated packages containing
version 0.10.14, which is not vulnerable to these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-3313.html
https://www.redhat.com/security/data/cve/CVE-2005-3651.html
https://www.redhat.com/security/data/cve/CVE-2005-4585.html
http://rhn.redhat.com/errata/RHSA-2006-0156.html

Solution :

Update the affected ethereal and / or ethereal-gnome packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 20480 ()

Bugtraq ID:

CVE ID: CVE-2005-3313
CVE-2005-3651
CVE-2005-4585