Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:058 (wireshark)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63452

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:058 (wireshark)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to wireshark
announced via advisory MDVSA-2009:058.

Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through
1.0.5 allows user-assisted remote attackers to cause a denial
of service (application crash) via a malformed NetScreen snoop
file. (CVE-2009-0599)

Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to
cause a denial of service (application crash) via a crafted Tektronix
K12 text capture file, as demonstrated by a file with exactly one
frame. (CVE-2009-0600)

Format string vulnerability in Wireshark 0.99.8 through 1.0.5
on non-Windows platforms allows local users to cause a denial of
service (application crash) via format string specifiers in the HOME
environment variable. (CVE-2009-0601)

This update provides Wireshark 1.0.6, which is not vulnerable to
these issues.

Affected: 2008.1, 2009.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:058
http://www.wireshark.org/security/wnpa-sec-2009-01.html

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0599
BugTraq ID: 33690
http://www.securityfocus.com/bid/33690
Bugtraq: 20090312 rPSA-2009-0040-1 tshark wireshark (Google Search)
http://www.securityfocus.com/archive/1/501763/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00652.html
http://osvdb.org/51815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14732
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9677
http://www.redhat.com/support/errata/RHSA-2009-0313.html
http://www.securitytracker.com/id?1021697
http://secunia.com/advisories/33872
http://secunia.com/advisories/34144
http://secunia.com/advisories/34264
http://secunia.com/advisories/34344
SuSE Security Announcement: SUSE-SR:2009:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
http://www.vupen.com/english/advisories/2009/0370
Common Vulnerability Exposure (CVE) ID: CVE-2009-0600
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10853
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15041
Common Vulnerability Exposure (CVE) ID: CVE-2009-0601

Copyright Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63452
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:058 (wireshark)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to wireshark announced via advisory MDVSA-2009:058. Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. (CVE-2009-0599) Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. (CVE-2009-0600) Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. (CVE-2009-0601) This update provides Wireshark 1.0.6, which is not vulnerable to these issues. Affected: 2008.1, 2009.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:058 http://www.wireshark.org/security/wnpa-sec-2009-01.html CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0599 BugTraq ID: 33690 http://www.securityfocus.com/bid/33690 Bugtraq: 20090312 rPSA-2009-0040-1 tshark wireshark (Google Search) http://www.securityfocus.com/archive/1/501763/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00652.html http://osvdb.org/51815 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14732 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9677 http://www.redhat.com/support/errata/RHSA-2009-0313.html http://www.securitytracker.com/id?1021697 http://secunia.com/advisories/33872 http://secunia.com/advisories/34144 http://secunia.com/advisories/34264 http://secunia.com/advisories/34344 SuSE Security Announcement: SUSE-SR:2009:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://www.vupen.com/english/advisories/2009/0370 Common Vulnerability Exposure (CVE) ID: CVE-2009-0600 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10853 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15041 Common Vulnerability Exposure (CVE) ID: CVE-2009-0601
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com