Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:002 (ethereal)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50639

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:002 (ethereal)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to ethereal
announced via advisory MDKSA-2004:002.

Two vulnerabilities were discovered in versions of Ethereal prior to
0.10.0 that can be exploited to make Ethereal crash by injecting
malformed packets onto the wire or by convincing a user to read a
malformed packet trace file. The first vulnerability is in the SMB
dissector and the second is in the Q.391 dissector. It is not known
whether or not these issues could lead to the execution of arbitrary
code.

The updated packages provide Ethereal 0.10.0 which is not vulnerable
to these issues.

Affected versions: 9.1, 9.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1013

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-1012
Conectiva Linux advisory: CLA-2004:801
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801
Debian Security Information: DSA-407 (Google Search)
http://www.debian.org/security/2004/dsa-407
http://www.mandriva.com/security/advisories?name=MDKSA-2004:002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10202
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A856
http://www.redhat.com/support/errata/RHSA-2004-001.html
http://www.redhat.com/support/errata/RHSA-2004-002.html
http://secunia.com/advisories/10531
http://secunia.com/advisories/10568
http://secunia.com/advisories/10570
SGI Security Advisory: 20040103-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Common Vulnerability Exposure (CVE) ID: CVE-2003-1013
http://www.debian.org/security/2003/dsa-407
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10097
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A857

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50639
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:002 (ethereal)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to ethereal announced via advisory MDKSA-2004:002. Two vulnerabilities were discovered in versions of Ethereal prior to 0.10.0 that can be exploited to make Ethereal crash by injecting malformed packets onto the wire or by convincing a user to read a malformed packet trace file. The first vulnerability is in the SMB dissector and the second is in the Q.391 dissector. It is not known whether or not these issues could lead to the execution of arbitrary code. The updated packages provide Ethereal 0.10.0 which is not vulnerable to these issues. Affected versions: 9.1, 9.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1013 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1012 Conectiva Linux advisory: CLA-2004:801 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801 Debian Security Information: DSA-407 (Google Search) http://www.debian.org/security/2004/dsa-407 http://www.mandriva.com/security/advisories?name=MDKSA-2004:002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10202 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A856 http://www.redhat.com/support/errata/RHSA-2004-001.html http://www.redhat.com/support/errata/RHSA-2004-002.html http://secunia.com/advisories/10531 http://secunia.com/advisories/10568 http://secunia.com/advisories/10570 SGI Security Advisory: 20040103-01-U ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc Common Vulnerability Exposure (CVE) ID: CVE-2003-1013 http://www.debian.org/security/2003/dsa-407 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10097 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A857
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com