Detections
Analytics
Mandrake Linux Security Advisory : ethereal (MDKSA-2004:067)
medium Nessus Plugin ID 14166
Synopsis
The remote Mandrake Linux host is missing a security update.Description
Three vulnerabilities were discovered in Ethereal versions prior to 0.10.5 in the iSNS, SMB SID, and SNMP dissectors. It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet into the wire or by convincing someone to read a malformed packet trace file.These vulnerabilities have been corrected in Ethereal 0.10.5.
Solution
Update the affected ethereal package.See Also
http://ethereal.archive.sunet.se/appnotes/enpa-sa-00015.html
Plugin Details
Severity: Medium
ID: 14166
File Name: mandrake_MDKSA-2004-067.nasl
Version: 1.20
Type: local
Family: Mandriva Local Security Checks
Published: 7/31/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:ethereal, cpe:/o:mandrakesoft:mandrake_linux:9.2, cpe:/o:mandrakesoft:mandrake_linux:10.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 7/9/2004
Reference Information
CVE: CVE-2004-0633, CVE-2004-0634, CVE-2004-0635
MDKSA: 2004:067