Denial of Service : Wireshark Multiple Denial of Service Vulnerabilities-04 (Aug 2016)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.809100

Kategorie: Denial of Service

Titel: Wireshark Multiple Denial of Service Vulnerabilities-04 (Aug 2016) - Mac OS X

Zusammenfassung: Wireshark is prone to multiple denial of service vulnerabilities.

Beschreibung: Summary:
Wireshark is prone to multiple denial of service vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- The 'epan/dissectors/packet-dcerpc-spoolss.c' script omits in the SPOOLS
component mishandles unexpected offsets.

- The 'epan/crypt/airpdcap.c' in the IEEE 802.11 dissector mishandles the
lack of an EAPOL_RSN_KEY.

- The 'epan/dissectors/packet-umts_fp.c' in the UMTS FP dissector mishandles
the reserved C/T value.

- The 'USB subsystem' mishandles class types.

- The 'wiretap/toshiba.c' in the Toshiba file parser mishandles sscanf
unsigned-integer processing.

- The 'wiretap/cosine.c' in the CoSine file parser mishandles sscanf
unsigned-integer processing.

- The 'wiretap/netscreen.c' in the NetScreen file parser mishandles sscanf
unsigned-integer processing.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to conduct denial of service attack.

Affected Software/OS:
Wireshark version 2.0.x before 2.0.4
and 1.12.x before 1.12.12 on Mac OS X.

Solution:
Upgrade to Wireshark version 2.0.4 or
1.12.12 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-5357
BugTraq ID: 91140
http://www.securityfocus.com/bid/91140
Debian Security Information: DSA-3615 (Google Search)
http://www.debian.org/security/2016/dsa-3615
http://www.openwall.com/lists/oss-security/2016/06/09/3
Common Vulnerability Exposure (CVE) ID: CVE-2016-5356
Common Vulnerability Exposure (CVE) ID: CVE-2016-5355
Common Vulnerability Exposure (CVE) ID: CVE-2016-5354
Common Vulnerability Exposure (CVE) ID: CVE-2016-5353
Common Vulnerability Exposure (CVE) ID: CVE-2016-5351
Common Vulnerability Exposure (CVE) ID: CVE-2016-5350

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.809100
Kategorie:	Denial of Service
Titel:	Wireshark Multiple Denial of Service Vulnerabilities-04 (Aug 2016) - Mac OS X
Zusammenfassung:	Wireshark is prone to multiple denial of service vulnerabilities.
Beschreibung:	Summary: Wireshark is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - The 'epan/dissectors/packet-dcerpc-spoolss.c' script omits in the SPOOLS component mishandles unexpected offsets. - The 'epan/crypt/airpdcap.c' in the IEEE 802.11 dissector mishandles the lack of an EAPOL_RSN_KEY. - The 'epan/dissectors/packet-umts_fp.c' in the UMTS FP dissector mishandles the reserved C/T value. - The 'USB subsystem' mishandles class types. - The 'wiretap/toshiba.c' in the Toshiba file parser mishandles sscanf unsigned-integer processing. - The 'wiretap/cosine.c' in the CoSine file parser mishandles sscanf unsigned-integer processing. - The 'wiretap/netscreen.c' in the NetScreen file parser mishandles sscanf unsigned-integer processing. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct denial of service attack. Affected Software/OS: Wireshark version 2.0.x before 2.0.4 and 1.12.x before 1.12.12 on Mac OS X. Solution: Upgrade to Wireshark version 2.0.4 or 1.12.12 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5357 BugTraq ID: 91140 http://www.securityfocus.com/bid/91140 Debian Security Information: DSA-3615 (Google Search) http://www.debian.org/security/2016/dsa-3615 http://www.openwall.com/lists/oss-security/2016/06/09/3 Common Vulnerability Exposure (CVE) ID: CVE-2016-5356 Common Vulnerability Exposure (CVE) ID: CVE-2016-5355 Common Vulnerability Exposure (CVE) ID: CVE-2016-5354 Common Vulnerability Exposure (CVE) ID: CVE-2016-5353 Common Vulnerability Exposure (CVE) ID: CVE-2016-5351 Common Vulnerability Exposure (CVE) ID: CVE-2016-5350
Copyright	Copyright (C) 2016 Greenbone AG