Mandrake Linux Security Advisory : ethereal (MDKSA-2005:083)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A number of vulnerabilities were discovered in previous version of
Ethereal that have been fixed in the 0.10.11 release, including :

- The ANSI A and DHCP dissectors are vulnerable to format
string vulnerabilities.

- The DISTCC, FCELS, SIP, ISIS, CMIP, CMP, CMS, CRMF, ESS,
OCSP, PKIX1Explitit, PKIX Qualified, X.509, Q.931,
MEGACO, NCP, ISUP, TCAP and Presentation dissectors are
vulnerable to buffer overflows.

- The KINK, WSP, SMB Mailslot, H.245, MGCP, Q.931, RPC,
GSM and SMB NETLOGON dissectors are vulnerable to
pointer handling errors.

- The LMP, KINK, MGCP, RSVP, SRVLOC, EIGRP, MEGACO, DLSw,
NCP and L2TP dissectors are vulnerable to looping
problems.

- The Telnet and DHCP dissectors could abort.

- The TZSP, Bittorrent, SMB, MGCP and ISUP dissectors
could cause a segmentation fault.

- The WSP, 802.3 Slow protocols, BER, SMB Mailslot, SMB,
NDPS, IAX2, RADIUS, SMB PIPE, MRDISC and TCAP dissectors
could throw assertions.

- The DICOM, NDPS and ICEP dissectors are vulnerable to
memory handling errors.

- The GSM MAP, AIM, Fibre Channel,SRVLOC, NDPS, LDAP and
NTLMSSP dissectors could terminate abnormallly.

See also :

http://ethereal.archive.sunet.se/appnotes/enpa-sa-00019.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now