RHEL 2.1 / 3 : ethereal (RHSA-2004:234)

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Ethereal packages that fix various security vulnerabilities
are now available.

Ethereal is a program for monitoring network traffic.

The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3
contained a buffer overflow flaw. On a system where Ethereal is
running, a remote attacker could send malicious packets that could
cause Ethereal to crash or execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0507 to this issue.

In addition, other flaws in Ethereal prior to 0.10.4 were found that
could cause it to crash in response to carefully crafted SIP
(CVE-2004-0504), AIM (CVE-2004-0505), or SPNEGO (CVE-2004-0506)

Users of Ethereal should upgrade to these updated packages, which
contain backported security patches that correct these issues.

See also :


Solution :

Update the affected ethereal and / or ethereal-gnome packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12501 ()

Bugtraq ID:

CVE ID: CVE-2004-0504

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now