Mandrake Linux Security Advisory : ethereal (MDKSA-2003:114)

high Nessus Plugin ID 14096

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

A number of vulnerabilities were discovered in ethereal that, if exploited, could be used to make ethereal crash or run arbitrary code by injecting malicious malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

A buffer overflow allows attackers to cause a DoS (Denial of Service) and possibly execute arbitrary code using a malformed GTP MSISDN string (CVE-2003-0925).

Likewise, a DoS can be caused by using malformed ISAKMP or MEGACO packets (CVE-2003-0926).

Finally, a heap-based buffer overflow allows attackers to cause a DoS or execute arbitrary code using the SOCKS dissector (CVE-2003-0927).

All three vulnerabilities affect all versions of Ethereal up to and including 0.9.15. This update provides 0.9.16 which corrects all of these issues. Also note that each vulnerability can be exploited by a remote attacker.

Solution

Update the affected ethereal package.

See Also

http://ethereal.archive.sunet.se/appnotes/enpa-sa-00011.html

Plugin Details

Severity: High

ID: 14096

File Name: mandrake_MDKSA-2003-114.nasl

Version: 1.18

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ethereal, cpe:/o:mandrakesoft:mandrake_linux:9.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 12/10/2003

Reference Information

CVE: CVE-2003-0925, CVE-2003-0926, CVE-2003-0927

MDKSA: 2003:114