Mandrake Linux Security Advisory : ethereal (MDKSA-2003:114)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

A number of vulnerabilities were discovered in ethereal that, if
exploited, could be used to make ethereal crash or run arbitrary code
by injecting malicious malformed packets onto the wire or by
convincing someone to read a malformed packet trace file.

A buffer overflow allows attackers to cause a DoS (Denial of Service)
and possibly execute arbitrary code using a malformed GTP MSISDN
string (CVE-2003-0925).

Likewise, a DoS can be caused by using malformed ISAKMP or MEGACO
packets (CVE-2003-0926).

Finally, a heap-based buffer overflow allows attackers to cause a DoS
or execute arbitrary code using the SOCKS dissector (CVE-2003-0927).

All three vulnerabilities affect all versions of Ethereal up to and
including 0.9.15. This update provides 0.9.16 which corrects all of
these issues. Also note that each vulnerability can be exploited by a
remote attacker.

See also :

http://ethereal.archive.sunet.se/appnotes/enpa-sa-00011.html

Solution :

Update the affected ethereal package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14096 (mandrake_MDKSA-2003-114.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0925
CVE-2003-0926
CVE-2003-0927

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now