Medium Nessus Plugin ID 24442
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:065 (ethereal).
Various problems have been fixed in the network analyzer Ethereal (now called Wireshark), most of them leading to crashes of the ethereal program.
CVE-2006-5740: An unspecified vulnerability in the LDAP dissector could be used to crash Ethereal.
CVE-2006-4574: A single \0 byte heap overflow was fixed in the MIME multipart dissector. Potential of exploitability is unknown, but considered low.
CVE-2006-4805: A denial of service problem in the XOT dissector can cause it to take up huge amount of memory and crash ethereal.
CVE-2006-5469: The WBXML dissector could be used to crash ethereal.
CVE-2006-5468: A NULL pointer dereference in the HTTP dissector could crash ethereal.