Fedora Core 5 : wireshark-0.99.2-fc5.2 (2006-860)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora Core host is missing a security update.

Description :

Versions affected: 0.8.16 up to and including 0.99.0 Details
Description Wireshark 0.99.2 fixes the following vulnerabilities :

- The GSM BSSMAP dissector could crash. Versions affected:
0.10.11. CVE: CVE-2006-3627

Ilja van Sprundel discovered the following vulnerabilities :

- The ANSI MAP dissector was vulnerable to a format string
overflow. Versions affected: 0.10.0. CVE: CVE-2006-3628

- The Checkpoint FW-1 dissector was vulnerable to a format
string overflow. Versions affected: 0.10.10. CVE:
CVE-2006-3628

- The MQ dissector was vulnerable to a format string
overflow. Versions affected: 0.10.4. CVE: CVE-2006-3628

- The XML dissector was vulnerable to a format string
overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628

- The MOUNT dissector could attempt to allocate large
amounts of memory. Versions affected: 0.9.4. CVE:
CVE-2006-3629

- The NCP NMAS and NDPS dissectors were susceptible to
off-by-one errors. Versions affected: 0.9.7. CVE:
CVE-2006-3630

- The NTP dissector was vulnerable to a format string
overflow. Versions affected: 0.10.13. CVE: CVE-2006-3628

- The SSH dissector was vulnerable to an infinite loop.
Versions affected: 0.9.10. CVE: CVE-2006-3631

- The NFS dissector may have been susceptible to a buffer
overflow. Versions affected: 0.8.16. CVE: CVE-2006-3632

Impact It may be possible to make Ethereal crash, use up available
memory, or run arbitrary code by injecting a purposefully malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file. Resolution Upgrade to Wireshark 0.99.2.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?4e595c9e

Solution :

Update the affected wireshark, wireshark-debuginfo and / or
wireshark-gnome packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Fedora Local Security Checks

Nessus Plugin ID: 24160 (fedora_2006-860.nasl)

Bugtraq ID:

CVE ID: CVE-2006-3627

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now