RHEL 2.1 / 3 : ethereal (RHSA-2003:324)

high Nessus Plugin ID 12433

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated Ethereal packages that fix a number of exploitable security issues are now available.

Ethereal is a program for monitoring network traffic.

A number of security issues affect Ethereal. By exploiting these issues, it may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully-malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

A buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0925 to this issue.

Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed ISAKMP or MEGACO packets. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0926 to this issue.

A heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0927 to this issue.

Users of Ethereal should update to these erratum packages containing Ethereal version 0.9.16, which is not vulnerable to these issues.

Solution

Update the affected ethereal and / or ethereal-gnome packages.

See Also

https://access.redhat.com/security/cve/cve-2003-0925

https://access.redhat.com/security/cve/cve-2003-0926

https://access.redhat.com/security/cve/cve-2003-0927

http://ethereal.archive.sunet.se/appnotes/enpa-sa-00011.html

https://access.redhat.com/errata/RHSA-2003:324

Plugin Details

Severity: High

ID: 12433

File Name: redhat-RHSA-2003-324.nasl

Version: 1.26

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:2.1, p-cpe:/a:redhat:enterprise_linux:ethereal-gnome, cpe:/o:redhat:enterprise_linux:3, p-cpe:/a:redhat:enterprise_linux:ethereal

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 11/12/2003

Vulnerability Publication Date: 12/1/2003

Reference Information

CVE: CVE-2003-0925, CVE-2003-0926, CVE-2003-0927

RHSA: 2003:324