English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 90895 CVE descriptions
and 50192 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57356
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1171-1 (ethereal)
Summary:Debian Security Advisory DSA 1171-1 (ethereal)
Description:Description:
The remote host is missing an update to ethereal
announced via advisory DSA 1171-1.

Several remote vulnerabilities have been discovered in the Ethereal network
scanner, which may lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4333

It was discovered that the Q.2391 dissector is vulnerable to denial
of service caused by memory exhaustion.

CVE-2005-3241

It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are
vulnerable to denial of service caused by memory exhaustion.

CVE-2005-3242

It was discovered that the IrDA and SMB dissectors are vulnerable to
denial of service caused by memory corruption.

CVE-2005-3243

It was discovered that the SLIMP3 and AgentX dissectors are vulnerable
to code injection caused by buffer overflows.

CVE-2005-3244

It was discovered that the BER dissector is vulnerable to denial of
service caused by an infinite loop.

CVE-2005-3246

It was discovered that the NCP and RTnet dissectors are vulnerable to
denial of service caused by a null pointer dereference.

CVE-2005-3248

It was discovered that the X11 dissector is vulnerable denial of service
caused by a division through zero.

This update also fixes a 64 bit-specific regression in the ASN.1 decoder, which
has been introduced in a previous DSA.

For the stable distribution (sarge) these problems have been fixed in
version 0.10.10-2sarge8.

For the unstable distribution (sid) these problems have been fixed in
version 0.99.2-5.1 of wireshark, the network sniffer formerly known as
ethereal.

We recommend that you upgrade your ethereal packages.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201171-1

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4333
Bugtraq: 20060825 rPSA-2006-0158-1 tshark wireshark (Google Search)
http://www.securityfocus.com/archive/1/archive/1/444323/100/0/threaded
Debian Security Information: DSA-1171 (Google Search)
http://www.debian.org/security/2006/dsa-1171
http://security.gentoo.org/glsa/glsa-200608-26.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:152
http://www.redhat.com/support/errata/RHSA-2006-0658.html
CERT/CC vulnerability note: VU#696896
http://www.kb.cert.org/vuls/id/696896
BugTraq ID: 19690
http://www.securityfocus.com/bid/19690
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11801
http://www.vupen.com/english/advisories/2006/3370
http://securitytracker.com/id?1016736
http://secunia.com/advisories/21597
http://secunia.com/advisories/21649
http://secunia.com/advisories/21813
http://secunia.com/advisories/21619
http://secunia.com/advisories/21682
http://secunia.com/advisories/21885
http://secunia.com/advisories/22378
XForce ISS Database: wireshark-sscop-dos(28556)
http://xforce.iss.net/xforce/xfdb/28556
XForce ISS Database: wireshark-esp-offbyone(28553)
http://xforce.iss.net/xforce/xfdb/28553
Common Vulnerability Exposure (CVE) ID: CVE-2005-3241
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml
http://www.redhat.com/support/errata/RHSA-2005-809.html
SuSE Security Announcement: SUSE-SR:2005:025 (Google Search)
http://www.novell.com/linux/security/advisories/2005_25_sr.html
BugTraq ID: 15148
http://www.securityfocus.com/bid/15148
http://www.osvdb.org/20121
http://www.osvdb.org/20122
http://www.osvdb.org/20123
http://www.osvdb.org/20124
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10582
http://securitytracker.com/id?1015082
http://secunia.com/advisories/17377
http://secunia.com/advisories/17254
http://secunia.com/advisories/17286
http://secunia.com/advisories/17327
http://secunia.com/advisories/17392
http://secunia.com/advisories/17480
Common Vulnerability Exposure (CVE) ID: CVE-2005-3242
http://www.osvdb.org/20125
http://www.osvdb.org/20133
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10558
Common Vulnerability Exposure (CVE) ID: CVE-2005-3243
http://www.frsirt.com/exploits/20051020.ethereal_slimp3_bof.py.php
http://www.osvdb.org/20126
http://www.osvdb.org/20135
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9836
Common Vulnerability Exposure (CVE) ID: CVE-2005-3244
http://www.osvdb.org/20127
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9665
Common Vulnerability Exposure (CVE) ID: CVE-2005-3246
http://www.osvdb.org/20128
http://www.osvdb.org/20130
http://www.osvdb.org/20131
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10303
Common Vulnerability Exposure (CVE) ID: CVE-2005-3248
http://www.osvdb.org/20134
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11002
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 50192 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.