SuSE 10 Security Update : ethereal (ZYPP Patch Number 2028)
Medium Nessus Plugin ID 29419
The remote SuSE 10 host is missing a security-related patch.
A security problem was fixed in ethereal, which could be used by remote attackers to hang the ethereal process. - If the SSCOP dissector has a port range configured AND the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default. (CVE-2006-4333) The vulnerabilities tracked by the Mitre CVE IDs CVE-2006-4330 (SCSI dissector), CVE-2006-4331 (ESP decryption), CVE-2006-4332 (DHCP dissector) do not affect our shipped ethereal releases.