Fedora Core 3 : ethereal-0.10.13-1.FC3.1 (2005-1008)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

Ethereal 0.10.13 is scheduled to be released, which fixes the
following issues :

The ISAKMP dissector could exhaust system memory. (CVE-2005-3241)
Fixed in: r15163 Bug IDs: none Versions affected: 0.10.11 to 0.10.12.

The FC-FCS dissector could exhaust system memory.
(CVE-2005-3241) Fixed in: r15204 Bug IDs: 312 Versions
affected: 0.9.0 to 0.10.12.

The RSVP dissector could exhaust system memory.
(CVE-2005-3241) Fixed in: r15206, r15600 Bug IDs: 311, 314,
382 Versions affected: 0.9.4 to 0.10.12.

The ISIS LSP dissector could exhaust system memory.
(CVE-2005-3241) Fixed in: r15245 Bug IDs: 320, 326 Versions
affected: 0.8.18 to 0.10.12.

The IrDA dissector could crash. (CVE-2005-3242) Fixed in:
r15265, r15267 Bug IDs: 328, 329, 330, 334, 335, 336
Versions affected: 0.10.0 to 0.10.12.

The SLIMP3 dissector could overflow a buffer.
(CVE-2005-3243) Fixed in: r15279 Bug IDs: 327 Versions
affected: 0.9.1 to 0.10.12.

The BER dissector was susceptible to an infinite loop.
(CVE-2005-3244) Fixed in: r15292 Bug IDs: none Versions
affected: 0.10.3 to 0.10.12.

The SCSI dissector could dereference a NULL pointer and
crash. (CVE-2005-3246) Fixed in: r15289 Bug IDs: none
Versions affected: 0.10.3 to 0.10.12.

If the 'Dissect unknown RPC program numbers' option was
enabled, the ONC RPC dissector might be able to exhaust
system memory. This option is disabled by default.
(CVE-2005-3245) Fixed in: r15290 Bug IDs: none Versions
affected: 0.7.7 to 0.10.12.

The sFlow dissector could dereference a NULL pointer and
crash (CVE-2005-3246) Fixed in: r15375 Bug IDs: 356 Versions
affected: 0.9.14 to 0.10.12.

The RTnet dissector could dereference a NULL pointer and
crash (CVE-2005-3246) Fixed in: r15673 Bug IDs: none
Versions affected: 0.10.8 to 0.10.12.

The SigComp UDVM could go into an infinite loop or crash.
(CVE-2005-3247) Fixed in: r15715, r15901, r15919 Bug IDs:
none Versions affected: 0.10.12.

If SMB transaction payload reassembly is enabled the SMB
dissector could crash. This preference is disabled by
default. (CVE-2005-3242) Fixed in: r15789 Bug IDs: 421
Versions affected: 0.9.7 to 0.10.12.

The X11 dissector could attempt to divide by zero.
(CVE-2005-3248) Fixed in: r15927 Bug IDs: none Versions
affected: 0.10.1 to 0.10.12.

The AgentX dissector could overflow a buffer.
(CVE-2005-3243) Fixed in: r16003 Bug IDs: none Versions
affected: 0.10.10 to 0.10.12.

The WSP dissector could free an invalid pointer.
(CVE-2005-3249) Fixed in: r16220 Bug IDs: none Versions
affected: 0.10.1 to 0.10.12.

iDEFENSE found a buffer overflow in the SRVLOC dissector.
(CVE-2005-3184) Fixed in: r16206 Bug IDs: none Versions
affected: 0.10.0 to 0.10.12.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?2e8ffd90

Solution :

Update the affected ethereal, ethereal-debuginfo and / or
ethereal-gnome packages.

Risk factor :

High

Family: Fedora Local Security Checks

Nessus Plugin ID: 20074 (fedora_2005-1008.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now