Test ID:	1.3.6.1.4.1.25623.1.0.50633
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2004:152 (ethereal)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to ethereal announced via advisory MDKSA-2004:152. A number of vulnerabilities were discovered in Ethereal: - Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash (CVE-2004-1139) - An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space (CVE-2004-1140) - The HTTP dissector could access previously-freed memory, causing a crash (CVE-2004-1141) - Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization (CVE-2004-1142) Ethereal 0.10.8 was released to correct these problems and is being provided. Affected versions: 10.0, 10.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:152 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1142 http://www.ethereal.com/appnotes/enpa-sa-00016.html Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1139 BugTraq ID: 11943 http://www.securityfocus.com/bid/11943 Computer Incident Advisory Center Bulletin: P-061 http://www.ciac.org/ciac/bulletins/p-061.shtml Conectiva Linux advisory: CLA-2005:916 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html http://www.gentoo.org/security/en/glsa/glsa-200412-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:152 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11319 http://www.redhat.com/support/errata/RHSA-2005-037.html http://secunia.com/advisories/13468/ XForce ISS Database: ethereal-dicom-dos(18484) https://exchange.xforce.ibmcloud.com/vulnerabilities/18484 Common Vulnerability Exposure (CVE) ID: CVE-2004-1140 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10484 XForce ISS Database: Ethereal-rtp-dos(18485) https://exchange.xforce.ibmcloud.com/vulnerabilities/18485 Common Vulnerability Exposure (CVE) ID: CVE-2004-1141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9473 XForce ISS Database: ethereal-http-dissector-dos(18487) https://exchange.xforce.ibmcloud.com/vulnerabilities/18487 Common Vulnerability Exposure (CVE) ID: CVE-2004-1142 Debian Security Information: DSA-613 (Google Search) http://www.debian.org/security/2004/dsa-613 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11278 XForce ISS Database: ethereal-smb-dos(18488) https://exchange.xforce.ibmcloud.com/vulnerabilities/18488
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.