Mandrake Linux Security Advisory : ethereal (MDKSA-2005:193-2)

critical Nessus Plugin ID 20435

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Ethereal 0.10.13 is now available, fixing a number of security vulnerabilities in various dissectors:

- the ISAKMP dissector could exhaust system memory

- the FC-FCS dissector could exhaust system memory

- the RSVP dissector could exhaust system memory

- the ISIS LSP dissector could exhaust system memory

- the IrDA dissector could crash

- the SLIMP3 dissector could overflow a buffer

- the BER dissector was susceptible to an infinite loop

- the SCSI dissector could dereference a NULL pointer and crash

- the sFlow dissector could dereference a NULL pointer and crash

- the RTnet dissector could dereference a NULL pointer and crash

- the SigComp UDVM could go into an infinite loop or crash

- the X11 dissector could attempt to divide by zero

- if SMB transaction payload reassembly is enabled, the SMB dissector could crash (this option is disabled by default)

- if the 'Dissect unknown RPC program numbers' option is enabled, the ONC RPC dissector might exhaust system memory (this option is disabled by default)

- the AgentX dissector could overflow a buffer

- the WSP dissector could free an invalid pointer

- iDEFENSE discovered a buffer overflow in the SRVLOC dissector

The new version of Ethereal is provided and corrects all of these issues.

An infinite loop in the IRC dissector was also discovered and fixed after the 0.10.13 release. The updated packages include the fix.

Update:

A permissions problem on the /usr/share/ethereal/dtds directory caused errors when ethereal was started as a non-root user. This update corrects the problem.

Solution

Update the affected packages.

See Also

http://ethereal.archive.sunet.se/appnotes/enpa-sa-00021.html

Plugin Details

Severity: Critical

ID: 20435

File Name: mandrake_MDKSA-2005-193.nasl

Version: 1.18

Type: local

Published: 1/15/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:ethereal, p-cpe:/a:mandriva:linux:ethereal-tools, p-cpe:/a:mandriva:linux:lib64ethereal0, p-cpe:/a:mandriva:linux:libethereal0, p-cpe:/a:mandriva:linux:tethereal, cpe:/o:mandriva:linux:2006, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/31/2005

Reference Information

CVE: CVE-2005-3184, CVE-2005-3241, CVE-2005-3242, CVE-2005-3243, CVE-2005-3244, CVE-2005-3245, CVE-2005-3246, CVE-2005-3247, CVE-2005-3248, CVE-2005-3249, CVE-2005-3313

BID: 15148

MDKSA: 2005:193-2