Detections
Analytics
FreeBSD : ethereal -- multiple protocol dissectors vulnerabilities (831a6a66-79fa-11d9-a9e7-0001020eed82)
high Nessus Plugin ID 19007
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
An Ethreal Security Advisories reports :Issues have been discovered in the following protocol dissectors :
- The COPS dissector could go into an infinite loop. CVE:
CAN-2005-0006
- The DLSw dissector could cause an assertion. CVE : CAN-2005-0007
- The DNP dissector could cause memory corruption. CVE : CAN-2005-0008
- The Gnutella dissector could cuase an assertion. CVE : CAN-2005-0009
- The MMSE dissector could free statically-allocated memory. CVE:
CAN-2005-0010
- The X11 dissector is vulnerable to a string buffer overflow. CVE:
CAN-2005-0084
Impact: It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Solution
Update the affected packages.See Also
http://ethereal.archive.sunet.se/appnotes/enpa-sa-00017.html
Plugin Details
Severity: High
ID: 19007
File Name: freebsd_pkg_831a6a6679fa11d9a9e70001020eed82.nasl
Version: 1.18
Type: local
Family: FreeBSD Local Security Checks
Published: 7/13/2005
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:ethereal, p-cpe:/a:freebsd:freebsd:ethereal-lite, p-cpe:/a:freebsd:freebsd:tethereal, p-cpe:/a:freebsd:freebsd:tethereal-lite, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 2/8/2005
Vulnerability Publication Date: 1/18/2005
Reference Information
CVE: CVE-2005-0006, CVE-2005-0007, CVE-2005-0008, CVE-2005-0009, CVE-2005-0010, CVE-2005-0084
BID: 12326