|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200608-26] Wireshark: Multiple vulnerabilities Vulnerability Assessment Details
|
[GLSA-200608-26] Wireshark: Multiple vulnerabilities |
||
Wireshark: Multiple vulnerabilities Detailed Explanation for this Vulnerability Assessment The remote host is affected by the vulnerability described in GLSA-200608-26 (Wireshark: Multiple vulnerabilities) The following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors, this parser is disabled by default secondly, the SCSI dissector is vulnerable to an unspecified crash and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured. Impact A possible hacker might be able to exploit these vulnerabilities, resulting in a crash or the execution of arbitrary code with the permissions of the user running Wireshark, possibly the root user. Workaround Disable the SCSI and Q.2931 dissectors with the "Analyse" and "Enabled protocols" menus. Make sure the ESP decryption is disabled, with the "Edit -> Preferences -> Protocols -> ESP" menu. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4330 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4331 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4332 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4333 http://www.wireshark.org/security/wnpa-sec-2006-02.html Solution: All Wireshark users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-0.99.3" Network Security Threat Level: Medium Networks Security ID: Vulnerability Assessment Copyright: (C) 2006 Michel Arboi |
||
Cables, Connectors |
Vintage Apple Newton MessagePad 2000 With Original Box and Some Accessories
$199.99
Vintage Apple M2980 AppleDesign Keyboard - Tested and working - Good condition
$19.75
Vintage Apple Lisa Brochure, very nice condition
$50.00
Vintage A3S2 Apple III Computer With 12 Volt Motherboard 820-0043-00
$450.00
Rare Vintage Miniscribe Apple Macintosh SE / 20 8425SA Head Motor & Guide
$24.99
Vintage Apple Computer Monitor
$45.90
Vintage Apple Macintosh Performa 550
$360.00
VINTAGE APPLE MACINTOSH POWERBOOK 180 ( M4440) Powers On
$100.00
Apple Macintosh Performa 466 Vintage Computer | SKU 146754
$149.95
Apple Macintosh PowerBook 180 Vintage Laptop | Retro Computer
$149.95
|
||
No Discussions have been posted on this vulnerability. |