SUSE-SA:2006:065: ethereal

medium Nessus Plugin ID 24442

Synopsis

The remote host is missing a vendor-supplied security patch.

Description

The remote host is missing the patch for the advisory SUSE-SA:2006:065 (ethereal).


Various problems have been fixed in the network analyzer Ethereal (now called Wireshark), most of them leading to crashes of the ethereal program.

CVE-2006-5740: An unspecified vulnerability in the LDAP dissector could be used to crash Ethereal.

CVE-2006-4574: A single \0 byte heap overflow was fixed in the MIME multipart dissector. The potential for exploitation is unknown, but considered low.

CVE-2006-4805: A denial of service problem in the XOT dissector can cause it to take up a huge amount of memory and crash ethereal.

CVE-2006-5469: The WBXML dissector could be used to crash ethereal.

CVE-2006-5468: A NULL pointer dereference in the HTTP dissector could crash ethereal.

Solution

http://www.novell.com/linux/security/advisories/2006_65_ethereal.html

Plugin Details

Severity: Medium

ID: 24442

File Name: suse_SA_2006_065.nasl

Version: 1.10

Agent: unix

Published: 2/18/2007

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list