RHEL 2.1 / 3 / 4 : ethereal (RHSA-2006:0420)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Ethereal packages that fix various security vulnerabilities
are now available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

Ethereal is a program for monitoring network traffic.

Several denial of service bugs were found in Ethereal's protocol
dissectors. Ethereal could crash or stop responding if it reads a
malformed packet off the network. (CVE-2006-1932, CVE-2006-1933,
CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940)

Several buffer overflow bugs were found in Ethereal's COPS, telnet,
and ALCAP dissectors as well as Network Instruments file code and
NetXray/Windows Sniffer file code. Ethereal could crash or execute
arbitrary code if it reads a malformed packet off the network.
(CVE-2006-1934, CVE-2006-1935, CVE-2006-1936)

Users of ethereal should upgrade to these updated packages containing
version 0.99.0, which is not vulnerable to these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2006-1932.html
https://www.redhat.com/security/data/cve/CVE-2006-1933.html
https://www.redhat.com/security/data/cve/CVE-2006-1934.html
https://www.redhat.com/security/data/cve/CVE-2006-1935.html
https://www.redhat.com/security/data/cve/CVE-2006-1936.html
https://www.redhat.com/security/data/cve/CVE-2006-1937.html
https://www.redhat.com/security/data/cve/CVE-2006-1938.html
https://www.redhat.com/security/data/cve/CVE-2006-1939.html
https://www.redhat.com/security/data/cve/CVE-2006-1940.html
http://ethereal.archive.sunet.se/appnotes/enpa-sa-00023.html
http://rhn.redhat.com/errata/RHSA-2006-0420.html

Solution :

Update the affected ethereal and / or ethereal-gnome packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 21364 ()

Bugtraq ID:

CVE ID: CVE-2006-1932
CVE-2006-1933
CVE-2006-1934
CVE-2006-1935
CVE-2006-1936
CVE-2006-1937
CVE-2006-1938
CVE-2006-1939
CVE-2006-1940