Mandriva Linux Security Advisory : wireshark (MDVSA-2010:016)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

This advisory updates wireshark to the latest 1.2.5 version, fixing
several bugs and two security issues :

- The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0
through 1.2.4 allow remote attackers to cause a denial
of service (crash) via a crafted packet (CVE-2009-4377)

- Buffer overflow in the daintree_sna_read function in the
Daintree SNA file parser in Wireshark 1.2.0 through
1.2.4 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via
a crafted packet (CVE-2009-4376)

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 48169 (mandriva_MDVSA-2010-016.nasl)

Bugtraq ID: 37407

CVE ID: CVE-2009-4376
CVE-2009-4377

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now