FreeBSD : ethereal -- multiple protocol dissectors vulnerabilities (5d51d245-00ca-11da-bc08-0001020eed82)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

An Ethreal Security Advisories reports :

Our testing program has turned up several more security issues :

- The LDAP dissector could free static memory and crash.

- The AgentX dissector could crash.

- The 802.3 dissector could go into an infinite loop.

- The PER dissector could abort.

- The DHCP dissector could go into an infinite loop.

- The BER dissector could abort or loop infinitely.

- The MEGACO dissector could go into an infinite loop.

- The GIOP dissector could dereference a NULL pointer.

- The SMB dissector was susceptible to a buffer overflow.

- The WBXML could dereference a NULL pointer.

- The H1 dissector could go into an infinite loop.

- The DOCSIS dissector could cause a crash.

- The SMPP dissector could go into an infinite loop.

- SCTP graphs could crash.

- The HTTP dissector could crash.

- The SMB dissector could go into a large loop.

- The DCERPC dissector could crash.

- Several dissectors could crash while reassembling packets.

Steve Grubb at Red Hat found the following issues :

- The CAMEL dissector could dereference a NULL pointer.

- The DHCP dissector could crash.

- The CAMEL dissector could crash.

- The PER dissector could crash.

- The RADIUS dissector could crash.

- The Telnet dissector could crash.

- The IS-IS LSP dissector could crash.

- The NCP dissector could crash.

iDEFENSE found the following issues :

- Several dissectors were susceptible to a format string overflow.
Impact : It may be possible to make Ethereal crash, use up available
memory, or run arbitrary code by injecting a purposefully malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

See also :

http://ethereal.archive.sunet.se/appnotes/enpa-sa-00020.html
http://www.nessus.org/u?43eee165

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19344 (freebsd_pkg_5d51d24500ca11dabc080001020eed82.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now