FreeBSD : ethereal -- multiple protocol dissectors vulnerabilities (831a6a66-79fa-11d9-a9e7-0001020eed82)
High Nessus Plugin ID 19007
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionAn Ethreal Security Advisories reports :
Issues have been discovered in the following protocol dissectors :
- The COPS dissector could go into an infinite loop. CVE:
- The DLSw dissector could cause an assertion. CVE : CAN-2005-0007
- The DNP dissector could cause memory corruption. CVE : CAN-2005-0008
- The Gnutella dissector could cuase an assertion. CVE : CAN-2005-0009
- The MMSE dissector could free statically-allocated memory. CVE:
- The X11 dissector is vulnerable to a string buffer overflow. CVE:
Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
SolutionUpdate the affected packages.