Detections
Analytics
Mandrake Linux Security Advisory : ethereal (MDKSA-2003:070)
critical Nessus Plugin ID 14053
Synopsis
The remote Mandrake Linux host is missing a security update.Description
A number of string handling bugs were found in the packet dissectors in ethereal that can be exploited using specially crafted packets to cause ethereal to consume excessive amounts of memory, crash, or even execute arbitrary code.These vulnerabilities have been fixed upsteam in ethereal 0.9.13 and all users are encouraged to upgrade.
Solution
Update the affected ethereal package.See Also
http://ethereal.archive.sunet.se/appnotes/enpa-sa-00010.html
Plugin Details
Severity: Critical
ID: 14053
File Name: mandrake_MDKSA-2003-070.nasl
Version: 1.20
Type: local
Family: Mandriva Local Security Checks
Published: 7/31/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:ethereal, cpe:/o:mandrakesoft:mandrake_linux:9.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 6/23/2003
Reference Information
CVE: CVE-2003-0428, CVE-2003-0429, CVE-2003-0431, CVE-2003-0432
MDKSA: 2003:070