FreeBSD : ethereal -- Multiple Protocol Dissector Vulnerabilities (21c223f2-d596-11da-8098-00123ffe8333)

critical Nessus Plugin ID 21397

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Secunia reports:

Multiple vulnerabilities have been reported in Ethereal, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerabilities are caused due to various types of errors including boundary errors, an off-by-one error, an infinite loop error, and several unspecified errors in a multitude of protocol dissectors.

Successful exploitation causes Ethereal to stop responding, consume a large amount of system resources, crash, or execute arbitrary code.

Solution

Update the affected packages.

See Also

http://ethereal.archive.sunet.se/appnotes/enpa-sa-00023.html

http://www.nessus.org/u?c466c590

Plugin Details

Severity: Critical

ID: 21397

File Name: freebsd_pkg_21c223f2d59611da809800123ffe8333.nasl

Version: 1.15

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ethereal, p-cpe:/a:freebsd:freebsd:ethereal-lite, p-cpe:/a:freebsd:freebsd:tethereal, p-cpe:/a:freebsd:freebsd:tethereal-lite, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/27/2006

Vulnerability Publication Date: 4/25/2006

Reference Information

CVE: CVE-2006-1932, CVE-2006-1933, CVE-2006-1934, CVE-2006-1935, CVE-2006-1936, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940

Secunia: 19769