openSUSE 10 Security Update : ethereal (ethereal-2029)
Medium Nessus Plugin ID 27206
SynopsisThe remote openSUSE host is missing a security update.
DescriptionA security problem was fixed in ethereal, which could be used by remote attackers to hang the ethereal process.
CVE-2006-4333: If the SSCOP dissector has a port range configured AND the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default.
The vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI dissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP dissector) do not affect our shipped ethereal releases.
SolutionUpdate the affected ethereal packages.