Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2006:065: ethereal Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the ethereal package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2006:065 (ethereal).
Various problems have been fixed in the network analyzer Ethereal (now called
Wireshark), most of them leading to crashes of the ethereal program.
CVE-2006-5740: An unspecified vulnerability in the LDAP dissector
could be used to crash Ethereal.
CVE-2006-4574: A single \0 byte heap overflow was fixed in the MIME multipart
dissector. The potential for exploitation is unknown, but considered low.
CVE-2006-4805: A denial of service problem in the XOT dissector can cause
it to consume a huge amount of memory and crash Ethereal.
CVE-2006-5469: The WBXML dissector could be used to crash ethereal.
CVE-2006-5468: A NULL pointer dereference in the HTTP dissector could
Solution: http://www.suse.de/security/ http://www.novell.com/linux/security/advisories/2006_65_ethereal.html
Threat Level: Medium