Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRAKE_MDKSA-2005-131.NASL
HistoryOct 05, 2005 - 12:00 a.m.

Mandrake Linux Security Advisory : ethereal (MDKSA-2005:131)

2005-10-0500:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

A number of vulnerabilities were discovered in versions of Ethereal prior to version 0.10.12, including :

The SMB dissector could overflow a buffer or exhaust memory (CVE-2005-2365).

iDefense discovered that several dissectors are vulnerable to format string overflows (CVE-2005-2367).

A number of other portential crash issues in various dissectors have also been corrected.

This update provides Ethereal 0.10.12 which is not vulnerable to these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:131. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(19891);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-2360", "CVE-2005-2361", "CVE-2005-2362", "CVE-2005-2363", "CVE-2005-2364", "CVE-2005-2365", "CVE-2005-2366", "CVE-2005-2367");
  script_bugtraq_id(14399);
  script_xref(name:"MDKSA", value:"2005:131");

  script_name(english:"Mandrake Linux Security Advisory : ethereal (MDKSA-2005:131)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities were discovered in versions of Ethereal
prior to version 0.10.12, including :

The SMB dissector could overflow a buffer or exhaust memory
(CVE-2005-2365).

iDefense discovered that several dissectors are vulnerable to format
string overflows (CVE-2005-2367).

A number of other portential crash issues in various dissectors have
also been corrected.

This update provides Ethereal 0.10.12 which is not vulnerable to these
issues."
  );
  # http://www.ethereal.com/appnotes/enpa-sa-00020.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://ethereal.archive.sunet.se/appnotes/enpa-sa-00020.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ethereal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ethereal-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ethereal0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libethereal0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tethereal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", reference:"ethereal-0.10.12-0.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"ethereal-tools-0.10.12-0.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64ethereal0-0.10.12-0.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libethereal0-0.10.12-0.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"tethereal-0.10.12-0.1.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", reference:"ethereal-0.10.12-0.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"ethereal-tools-0.10.12-0.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64ethereal0-0.10.12-0.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libethereal0-0.10.12-0.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"tethereal-0.10.12-0.1.102mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxetherealp-cpe:/a:mandriva:linux:ethereal
mandrivalinuxethereal-toolsp-cpe:/a:mandriva:linux:ethereal-tools
mandrivalinuxlib64ethereal0p-cpe:/a:mandriva:linux:lib64ethereal0
mandrivalinuxlibethereal0p-cpe:/a:mandriva:linux:libethereal0
mandrivalinuxtetherealp-cpe:/a:mandriva:linux:tethereal
mandrakesoftmandrake_linux10.1cpe:/o:mandrakesoft:mandrake_linux:10.1
mandrakesoftmandrake_linuxle2005x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Related

openvas 6
centos 2
nessus 6
redhat 1
gentoo 1
osv 1
debian 2
ubuntucve 8
cve 8
openvas
openvas
Gentoo Security Advisory GLSA 200507-27 (Ethereal)
2008-09-24 00:00:00
SLES9: Security update for ethereal
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200507-27 (Ethereal)
2008-09-24 00:00:00
centos
centos
ethereal security update
2005-08-10 23:18:03
ethereal security update
2005-08-10 18:37:48
nessus
nessus
RHEL 2.1 / 3 / 4 : ethereal (RHSA-2005:687)
2005-08-12 00:00:00
CentOS 3 / 4 : ethereal (CESA-2005:687)
2006-07-03 00:00:00
GLSA-200507-27 : Ethereal: Multiple vulnerabilities
2005-07-31 00:00:00
redhat
redhat
(RHSA-2005:687) ethereal security update
2005-08-10 00:00:00
gentoo
gentoo
Ethereal: Multiple vulnerabilities
2005-07-28 00:00:00
osv
osv
ethereal - several
2005-10-09 00:00:00
debian
debian
[SECURITY] [DSA 853-1] New ethereal packages fix several vulnerabilities
2005-10-09 11:35:18
[SECURITY] [DSA 853-1] New ethereal packages fix several vulnerabilities
2005-10-09 11:35:18
ubuntucve
ubuntucve
CVE-2005-2367
2005-08-10 00:00:00
CVE-2005-2366
2005-08-10 00:00:00
CVE-2005-2361
2005-08-10 00:00:00
cve
cve
CVE-2005-2361
2005-08-10 04:00:00
CVE-2005-2365
2005-08-10 04:00:00
CVE-2005-2367
2005-08-10 04:00:00
JSON
Related for MANDRAKE_MDKSA-2005-131.NASL
openvas6centos2nessus6redhat1gentoo1osv1debian2ubuntucve8cve8