SUSE-SA:2006:065: ethereal

Medium Nessus Plugin ID 24442


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2006:065 (ethereal).

Various problems have been fixed in the network analyzer Ethereal (now called Wireshark), most of them leading to crashes of the ethereal program.

CVE-2006-5740: An unspecified vulnerability in the LDAP dissector could be used to crash Ethereal.

CVE-2006-4574: A single \0 byte heap overflow was fixed in the MIME multipart dissector. The potential for exploitation is unknown, but is considered low.

CVE-2006-4805: A denial of service problem in the XOT dissector can cause it to take up a huge amount of memory and crash ethereal.

CVE-2006-5469: The WBXML dissector could be used to crash ethereal.

CVE-2006-5468: A NULL pointer dereference in the HTTP dissector could crash ethereal.


Plugin Details

Severity: Medium

ID: 24442

File Name: suse_SA_2006_065.nasl

Version: $Revision: 1.5 $

Agent: unix

Published: 2007/02/18

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list