RHEL 2.1 / 3 : ethereal (RHSA-2004:234)

critical Nessus Plugin ID 12501

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated Ethereal packages that fix various security vulnerabilities are now available.

Ethereal is a program for monitoring network traffic.

The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained a buffer overflow flaw. On a system where Ethereal is running, a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0507 to this issue.

In addition, other flaws in Ethereal prior to 0.10.4 were found that could cause it to crash in response to carefully crafted SIP (CVE-2004-0504), AIM (CVE-2004-0505), or SPNEGO (CVE-2004-0506) packets.

Users of Ethereal should upgrade to these updated packages, which contain backported security patches that correct these issues.

Solution

Update the affected ethereal and / or ethereal-gnome packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0504

https://access.redhat.com/security/cve/cve-2004-0505

https://access.redhat.com/security/cve/cve-2004-0506

https://access.redhat.com/security/cve/cve-2004-0507

http://ethereal.archive.sunet.se/appnotes/enpa-sa-00014.html

https://access.redhat.com/errata/RHSA-2004:234

Plugin Details

Severity: Critical

ID: 12501

File Name: redhat-RHSA-2004-234.nasl

Version: 1.27

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ethereal, p-cpe:/a:redhat:enterprise_linux:ethereal-gnome, cpe:/o:redhat:enterprise_linux:2.1, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 6/9/2004

Vulnerability Publication Date: 8/18/2004

Reference Information

CVE: CVE-2004-0504, CVE-2004-0505, CVE-2004-0506, CVE-2004-0507

RHSA: 2004:234