Buffer overflow : Wireshark BER Dissector Stack Consumption Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.802845
Kategorie:	Buffer overflow
Titel:	Wireshark BER Dissector Stack Consumption Vulnerability - Mac OS X
Zusammenfassung:	Wireshark is prone to stack consumption vulnerability.
Beschreibung:	Summary: Wireshark is prone to stack consumption vulnerability. Vulnerability Insight: The flaw is due to stack consumption error in the 'dissect_ber_unknown()' function in 'epan/dissectors/packet-ber.c' in the BER dissector, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown 'ASN.1/BER' encoded packet. Vulnerability Impact: Successful exploitation will allow attackers to crash the application. Affected Software/OS: Wireshark version 1.4.x before 1.4.1 and 1.2.x before 1.2.12 Solution: Upgrade to Wireshark 1.4.1 or 1.2.12 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3445 20100913 Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html 42392 http://secunia.com/advisories/42392 42411 http://secunia.com/advisories/42411 42877 http://secunia.com/advisories/42877 43068 http://secunia.com/advisories/43068 43197 http://www.securityfocus.com/bid/43197 43759 http://secunia.com/advisories/43759 43821 http://secunia.com/advisories/43821 ADV-2010-3067 http://www.vupen.com/english/advisories/2010/3067 ADV-2010-3093 http://www.vupen.com/english/advisories/2010/3093 ADV-2011-0076 http://www.vupen.com/english/advisories/2011/0076 ADV-2011-0212 http://www.vupen.com/english/advisories/2011/0212 ADV-2011-0404 http://www.vupen.com/english/advisories/2011/0404 ADV-2011-0626 http://www.vupen.com/english/advisories/2011/0626 ADV-2011-0719 http://www.vupen.com/english/advisories/2011/0719 DSA-2127 http://www.debian.org/security/2010/dsa-2127 FEDORA-2011-2620 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html FEDORA-2011-2632 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html FEDORA-2011-2648 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html MDVSA-2010:200 http://www.mandriva.com/security/advisories?name=MDVSA-2010:200 RHSA-2010:0924 http://www.redhat.com/support/errata/RHSA-2010-0924.html RHSA-2011:0370 http://www.redhat.com/support/errata/RHSA-2011-0370.html SUSE-SR:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html VU#215900 http://www.kb.cert.org/vuls/id/215900 [oss-security] 20101001 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark http://www.openwall.com/lists/oss-security/2010/10/01/10 [oss-security] 20101011 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark http://www.openwall.com/lists/oss-security/2010/10/12/1 http://blogs.sun.com/security/entry/resource_management_errors_vulnerability_in http://www.wireshark.org/security/wnpa-sec-2010-12.html http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5230 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3445 oval:org.mitre.oval:def:14607 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607
Copyright	Copyright (C) 2012 Greenbone AG