Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:1100

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64210

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2009:1100

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2009:1100.

Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

A format string flaw was found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-1210)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2009-1268, CVE-2009-1269, CVE-2009-1829)

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.8, and resolve these issues. All running instances of
Wireshark must be restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1100.html
http://www.redhat.com/security/updates/classification/#moderate
http://www.wireshark.org/security/wnpa-sec-2009-02.html
http://www.wireshark.org/security/wnpa-sec-2009-03.html

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1210
BugTraq ID: 34291
http://www.securityfocus.com/bid/34291
Bugtraq: 20090417 rPSA-2009-0062-1 tshark wireshark (Google Search)
http://www.securityfocus.com/archive/1/502745/100/0/threaded
Debian Security Information: DSA-1785 (Google Search)
http://www.debian.org/security/2009/dsa-1785
https://www.exploit-db.com/exploits/8308
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5976
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9526
http://www.redhat.com/support/errata/RHSA-2009-1100.html
http://secunia.com/advisories/34542
http://secunia.com/advisories/34778
http://secunia.com/advisories/34970
http://secunia.com/advisories/35133
http://secunia.com/advisories/35224
http://secunia.com/advisories/35416
http://secunia.com/advisories/35464
SuSE Security Announcement: SUSE-SR:2009:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
XForce ISS Database: wireshark-pndcp-format-string(49512)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49512
Common Vulnerability Exposure (CVE) ID: CVE-2009-1268
BugTraq ID: 34457
http://www.securityfocus.com/bid/34457
Debian Security Information: DSA-1942 (Google Search)
http://www.debian.org/security/2009/dsa-1942
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5335
http://www.securitytracker.com/id?1022027
http://secunia.com/advisories/37477
XForce ISS Database: wireshark-cphap-dos(49815)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49815
Common Vulnerability Exposure (CVE) ID: CVE-2009-1269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10642
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5748
XForce ISS Database: wireshark-rf5file-dos(49816)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49816
Common Vulnerability Exposure (CVE) ID: CVE-2009-1829
BugTraq ID: 35081
http://www.securityfocus.com/bid/35081
http://www.mandriva.com/security/advisories?name=MDVSA-2009:125
http://osvdb.org/54629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9270
http://www.securitytracker.com/id?1022274
http://secunia.com/advisories/35201
http://secunia.com/advisories/35248
http://www.vupen.com/english/advisories/2009/1408
XForce ISS Database: wireshark-pcnfsd-dos(50686)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50686

Copyright Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64210
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1100
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2009:1100. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A format string flaw was found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-1210) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2009-1268, CVE-2009-1269, CVE-2009-1829) Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.8, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2009-1100.html http://www.redhat.com/security/updates/classification/#moderate http://www.wireshark.org/security/wnpa-sec-2009-02.html http://www.wireshark.org/security/wnpa-sec-2009-03.html CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1210 BugTraq ID: 34291 http://www.securityfocus.com/bid/34291 Bugtraq: 20090417 rPSA-2009-0062-1 tshark wireshark (Google Search) http://www.securityfocus.com/archive/1/502745/100/0/threaded Debian Security Information: DSA-1785 (Google Search) http://www.debian.org/security/2009/dsa-1785 https://www.exploit-db.com/exploits/8308 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:088 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5976 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9526 http://www.redhat.com/support/errata/RHSA-2009-1100.html http://secunia.com/advisories/34542 http://secunia.com/advisories/34778 http://secunia.com/advisories/34970 http://secunia.com/advisories/35133 http://secunia.com/advisories/35224 http://secunia.com/advisories/35416 http://secunia.com/advisories/35464 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html XForce ISS Database: wireshark-pndcp-format-string(49512) https://exchange.xforce.ibmcloud.com/vulnerabilities/49512 Common Vulnerability Exposure (CVE) ID: CVE-2009-1268 BugTraq ID: 34457 http://www.securityfocus.com/bid/34457 Debian Security Information: DSA-1942 (Google Search) http://www.debian.org/security/2009/dsa-1942 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3269 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10876 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5335 http://www.securitytracker.com/id?1022027 http://secunia.com/advisories/37477 XForce ISS Database: wireshark-cphap-dos(49815) https://exchange.xforce.ibmcloud.com/vulnerabilities/49815 Common Vulnerability Exposure (CVE) ID: CVE-2009-1269 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10642 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5748 XForce ISS Database: wireshark-rf5file-dos(49816) https://exchange.xforce.ibmcloud.com/vulnerabilities/49816 Common Vulnerability Exposure (CVE) ID: CVE-2009-1829 BugTraq ID: 35081 http://www.securityfocus.com/bid/35081 http://www.mandriva.com/security/advisories?name=MDVSA-2009:125 http://osvdb.org/54629 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9270 http://www.securitytracker.com/id?1022274 http://secunia.com/advisories/35201 http://secunia.com/advisories/35248 http://www.vupen.com/english/advisories/2009/1408 XForce ISS Database: wireshark-pcnfsd-dos(50686) https://exchange.xforce.ibmcloud.com/vulnerabilities/50686
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com