Mandrake Linux Security Advisory : ethereal (MDKSA-2004:002)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Two vulnerabilities were discovered in versions of Ethereal prior to
0.10.0 that can be exploited to make Ethereal crash by injecting
malformed packets onto the wire or by convincing a user to read a
malformed packet trace file. The first vulnerability is in the SMB
dissector and the second is in the Q.391 dissector. It is not known
whether or not these issues could lead to the execution of arbitrary
code.

The updated packages provide Ethereal 0.10.0 which is not vulnerable
to these issues.

Solution :

Update the affected ethereal package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14102 (mandrake_MDKSA-2004-002.nasl)

Bugtraq ID:

CVE ID: CVE-2003-1012
CVE-2003-1013

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now