|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2005:193-2: ethereal Vulnerability Assessment Details
|
MDKSA-2005:193-2: ethereal |
||
Check for the version of the ethereal package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory MDKSA-2005:193-2 (ethereal). Ethereal 0.10.13 is now available fixing a number of security vulnerabilities in various dissectors: - the ISAKMP dissector could exhaust system memory - the FC-FCS dissector could exhaust system memory - the RSVP dissector could exhaust system memory - the ISIS LSP dissector could exhaust system memory - the IrDA dissector could crash - the SLIMP3 dissector could overflow a buffer - the BER dissector was susceptible to an infinite loop - the SCSI dissector could dereference a null pointer and crash - the sFlow dissector could dereference a null pointer and crash - the RTnet dissector could dereference a null pointer and crash - the SigComp UDVM could go into an infinite loop or crash - the X11 dissector could attempt to divide by zero - if SMB transaction payload reassembly is enabled the SMB dissector could crash (by default this is disabled) - if the 'Dissect unknown RPC program numbers' option was enabled, the ONC RPC dissector might be able to exhaust system memory (by default this is disabled) - the AgentX dissector could overflow a buffer - the WSP dissector could free an invalid pointer - iDEFENSE discovered a buffer overflow in the SRVLOC dissector The new version of Ethereal is provided and corrects all of these issues. An infinite loop in the IRC dissector was also discovered and fixed after the 0.10.13 release. The updated packages include the fix. Update: A permissions problem on the /usr/share/ethereal/dtds directory caused errors when ethereal started as a non-root user. This update corrects the problem. Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:193-2 Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security |
||
Cables, Connectors |
Grandstream GS-HT802 2 Port Analog Telephone Adapter VoIP Phone & Device, Black
$32.00
Cisco VG202XM Analog Voice Gateway VoIP -- [NEW/FULL KIT]
$76.00
Yealink T54W IP Phone, 16 VoIP Accounts. 4.3-Inch Color Display - Black
$99.99
LOT OF 10 Cisco CP-7841-K9 VoIP 4-Line Business Phone w/ Stand Handset Cord
$69.99
Yealink W73H IP DECT VOIP Phone
$10.00
New Cisco 7945G IP VoIP Gigabit GIGE Telephone Phone CP-7945G -
$24.95
Cisco CP-7945G VOIP Phone With Stand & Handset Business IP Phone 7945
$3.00
Polycom VVX 400 VOIP Phone VVX400
$39.99
Grandstream WP810 Portable Wi-Fi Phone Voip Phone and Device
$94.88
Yealink SIP-T41P PoE Ultra Elegant VoIP Phone
$29.95
|
||
No Discussions have been posted on this vulnerability. |