Mandrake Linux Security Advisory : ethereal (MDKSA-2004:152)
Medium Nessus Plugin ID 16014
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
A number of vulnerabilities were discovered in Ethereal:
- Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash (CVE-2004-1139)
- An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space (CVE-2004-1140)
- The HTTP dissector could access previously-freed memory, causing a crash (CVE-2004-1141)
- Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization (CVE-2004-1142)
Ethereal 0.10.8 was released to correct these problems and is being provided.
Solution
Update the affected packages.