Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:152: ethereal Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the ethereal package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:152 (ethereal).
A number of vulnerabilities were discovered in Ethereal:
- Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash (CVE-2004-1139)
- An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space (CVE-2004-1140)
- The HTTP dissector could access previously-freed memory, causing a crash (CVE-2004-1141)
- Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization
Ethereal 0.10.8 was released to correct these problems and is being provided.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:152
Threat Level: High