ID de Prueba:	1.3.6.1.4.1.25623.1.0.880531
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for wireshark CESA-2011:0370 centos5 i386
Resumen:	The remote host is missing an update for the 'wireshark'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'wireshark' package(s) announced via the referenced advisory. Vulnerability Insight: Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially-crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2011-0024) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143) Users of Wireshark should upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Wireshark must be restarted for the update to take effect. Affected Software/OS: wireshark on CentOS 5 Solution: Please install the updated packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3445 BugTraq ID: 43197 http://www.securityfocus.com/bid/43197 Bugtraq: 20100913 Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service (Google Search) http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html CERT/CC vulnerability note: VU#215900 http://www.kb.cert.org/vuls/id/215900 Debian Security Information: DSA-2127 (Google Search) http://www.debian.org/security/2010/dsa-2127 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:200 http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/ http://www.openwall.com/lists/oss-security/2010/10/01/10 http://www.openwall.com/lists/oss-security/2010/10/12/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607 http://www.redhat.com/support/errata/RHSA-2010-0924.html http://www.redhat.com/support/errata/RHSA-2011-0370.html http://secunia.com/advisories/42392 http://secunia.com/advisories/42411 http://secunia.com/advisories/42877 http://secunia.com/advisories/43068 http://secunia.com/advisories/43759 http://secunia.com/advisories/43821 SuSE Security Announcement: SUSE-SR:2011:001 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.vupen.com/english/advisories/2010/3067 http://www.vupen.com/english/advisories/2010/3093 http://www.vupen.com/english/advisories/2011/0076 http://www.vupen.com/english/advisories/2011/0212 http://www.vupen.com/english/advisories/2011/0404 http://www.vupen.com/english/advisories/2011/0626 http://www.vupen.com/english/advisories/2011/0719 Common Vulnerability Exposure (CVE) ID: CVE-2011-0024 Common Vulnerability Exposure (CVE) ID: CVE-2011-0538 BugTraq ID: 46167 http://www.securityfocus.com/bid/46167 Debian Security Information: DSA-2201 (Google Search) http://www.debian.org/security/2011/dsa-2201 http://www.mandriva.com/security/advisories?name=MDVSA-2011:044 http://openwall.com/lists/oss-security/2011/02/04/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14605 http://www.redhat.com/support/errata/RHSA-2011-0369.html http://www.securitytracker.com/id?1025148 http://secunia.com/advisories/43795 http://www.vupen.com/english/advisories/2011/0622 http://www.vupen.com/english/advisories/2011/0747 XForce ISS Database: wireshark-pcap-code-execution(65182) https://exchange.xforce.ibmcloud.com/vulnerabilities/65182 Common Vulnerability Exposure (CVE) ID: CVE-2011-1139 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14997 http://secunia.com/advisories/44169 SuSE Security Announcement: openSUSE-SU-2011:0347 (Google Search) https://hermes.opensuse.org/messages/8086844 XForce ISS Database: wireshark-pcapng-dos(65779) https://exchange.xforce.ibmcloud.com/vulnerabilities/65779 Common Vulnerability Exposure (CVE) ID: CVE-2011-1140 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14715 Common Vulnerability Exposure (CVE) ID: CVE-2011-1141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14974 Common Vulnerability Exposure (CVE) ID: CVE-2011-1143 BugTraq ID: 46796 http://www.securityfocus.com/bid/46796 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16209 http://secunia.com/advisories/48947
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.