|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2004:024: ethereal Vulnerability Assessment Details
|
MDKSA-2004:024: ethereal |
||
|
Check for the version of the ethereal package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory MDKSA-2004:024 (ethereal). A number of serious issues have been discovered in versions of Ethereal prior to 0.10.2. Stefan Esser discovered thirteen buffer overflows in the NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP dissectors. Jonathan Heusser discovered that a carefully-crafted RADIUS packet could cause Ethereal to crash. It was also found that a zero-length Presentation protocol selector could make Ethereal crash. Finally, a corrupt color filter file could cause a segmentation fault. It is possible, through the exploitation of some of these vulnerabilities, to cause Ethereal to crash or run arbitrary code by injecting a malicious, malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file. The updated packages bring Ethereal to version 0.10.3 which is not vulnerable to these issues. Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:024 Network Security Threat Level: High Networks Security ID: 9952 Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security |
||
|
KVM Switch Boxes, Cables |
|
||
|
No Discussions have been posted on this vulnerability. |