Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2003:051 (ethereal)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50712

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2003:051 (ethereal)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to ethereal
announced via advisory MDKSA-2003:051.

A vulnerability was discovered in Ethereal 0.9.9 and earlier that
allows a remote attacker to use specially crafted SOCKS packets to
cause a denial of service (DoS) and possibly execute arbitrary
code.

A similar vulnerability also exists in the NTLMSSP code in Ethereal
0.9.9 and earlier, due to a heap-based buffer overflow.

Affected versions: 9.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2003:051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0159
http://www.ethereal.com/appnotes/enpa-sa-00008.html

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0081
BugTraq ID: 7049
http://www.securityfocus.com/bid/7049
Conectiva Linux advisory: CLSA-2003:627
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627
Debian Security Information: DSA-258 (Google Search)
http://www.debian.org/security/2003/dsa-258
http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html
http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051
http://www.guninski.com/etherre.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A54
http://www.redhat.com/support/errata/RHSA-2003-076.html
http://www.redhat.com/support/errata/RHSA-2003-077.html
SuSE Security Announcement: SuSE-SA:2003:019 (Google Search)
http://www.novell.com/linux/security/advisories/2003_019_ethereal.html
XForce ISS Database: ethereal-socks-format-string(11497)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11497
Common Vulnerability Exposure (CVE) ID: CVE-2003-0159
BugTraq ID: 7050
http://www.securityfocus.com/bid/7050
Bugtraq: 20030309 GLSA: ethereal (200303-10) (Google Search)
http://marc.info/?l=bugtraq&m=104741640924709&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2003:051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A55

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50712
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:051 (ethereal)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to ethereal announced via advisory MDKSA-2003:051. A vulnerability was discovered in Ethereal 0.9.9 and earlier that allows a remote attacker to use specially crafted SOCKS packets to cause a denial of service (DoS) and possibly execute arbitrary code. A similar vulnerability also exists in the NTLMSSP code in Ethereal 0.9.9 and earlier, due to a heap-based buffer overflow. Affected versions: 9.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2003:051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0159 http://www.ethereal.com/appnotes/enpa-sa-00008.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0081 BugTraq ID: 7049 http://www.securityfocus.com/bid/7049 Conectiva Linux advisory: CLSA-2003:627 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627 Debian Security Information: DSA-258 (Google Search) http://www.debian.org/security/2003/dsa-258 http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051 http://www.guninski.com/etherre.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A54 http://www.redhat.com/support/errata/RHSA-2003-076.html http://www.redhat.com/support/errata/RHSA-2003-077.html SuSE Security Announcement: SuSE-SA:2003:019 (Google Search) http://www.novell.com/linux/security/advisories/2003_019_ethereal.html XForce ISS Database: ethereal-socks-format-string(11497) https://exchange.xforce.ibmcloud.com/vulnerabilities/11497 Common Vulnerability Exposure (CVE) ID: CVE-2003-0159 BugTraq ID: 7050 http://www.securityfocus.com/bid/7050 Bugtraq: 20030309 GLSA: ethereal (200303-10) (Google Search) http://marc.info/?l=bugtraq&m=104741640924709&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A55
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com