SUSE-SA:2006:065: ethereal

This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2006:065 (ethereal).


Various problems have been fixed in the network analyzer Ethereal (now called
Wireshark), most of them leading to crashes of the ethereal program.

CVE-2006-5740: An unspecified vulnerability in the LDAP dissector
could be used to crash Ethereal.

CVE-2006-4574: A single \0 byte heap overflow was fixed in the MIME multipart
dissector. Potential of exploitability is unknown, but considered low.

CVE-2006-4805: A denial of service problem in the XOT dissector can cause
it to take up huge amount of memory and crash ethereal.

CVE-2006-5469: The WBXML dissector could be used to crash ethereal.

CVE-2006-5468: A NULL pointer dereference in the HTTP dissector could
crash ethereal.

Solution :

http://www.novell.com/linux/security/advisories/2006_65_ethereal.html

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 24442 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now