|
Family: Debian Local Security Checks --> Category: infos
[DSA130] DSA-130-1 ethereal Vulnerability Scan
Vulnerability Scan Summary DSA-130-1 ethereal
Detailed Explanation for this Vulnerability Test
Ethereal versions prior to 0.9.3 were vulnerable to an allocation error
in the ASN.1 parser. This can be triggered when analyzing traffic using
the SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This
vulnerability was announced in the ethereal security advisory
enpa-sa-00003.
This issue has been corrected in ethereal version 0.8.0-3potato for
Debian 2.2 (potato).
Additionally, a number of vulnerabilities were discussed in ethereal
security advisory
enpa-sa-00004
the version of ethereal in Debian 2.2
(potato) is not vulnerable to the issues raised in this later advisory.
Users of the not-yet-released woody distribution should ensure that they
are running ethereal 0.9.4-1 or a later version.
We recommend you upgrade your ethereal package immediately.
Solution : http://www.debian.org/security/2002/dsa-130
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|