FreeBSD Local Security Checks : FreeBSD Ports: wireshark, wireshark-lite

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66814

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: wireshark, wireshark-lite

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

wireshark
wireshark-lite

CVE-2010-0304
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15
through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause
a denial of service (crash) via a malformed packet, as demonstrated
using a stack-based buffer overflow to the
dissect_getaddrsbyname_request function.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0304
1023516
http://www.securitytracker.com/id?1023516
37985
http://www.securityfocus.com/bid/37985
38257
http://secunia.com/advisories/38257
38348
http://secunia.com/advisories/38348
38829
http://secunia.com/advisories/38829
61987
http://osvdb.org/61987
ADV-2010-0239
http://www.vupen.com/english/advisories/2010/0239
DSA-1983
http://www.debian.org/security/2010/dsa-1983
FEDORA-2010-3556
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html
MDVSA-2010:031
http://www.mandriva.com/security/advisories?name=MDVSA-2010:031
[oss-security] 20100129 Re: CVE id request: Wireshark
http://www.openwall.com/lists/oss-security/2010/01/29/4
http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h
http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname
http://www.wireshark.org/security/wnpa-sec-2010-01.html
http://www.wireshark.org/security/wnpa-sec-2010-02.html
oval:org.mitre.oval:def:8490
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8490
oval:org.mitre.oval:def:9933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9933
wireshark-lwres-bo(55951)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55951

Copyright Copyright (C) 2010 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66814
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: wireshark, wireshark-lite
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: wireshark wireshark-lite CVE-2010-0304 Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0304 1023516 http://www.securitytracker.com/id?1023516 37985 http://www.securityfocus.com/bid/37985 38257 http://secunia.com/advisories/38257 38348 http://secunia.com/advisories/38348 38829 http://secunia.com/advisories/38829 61987 http://osvdb.org/61987 ADV-2010-0239 http://www.vupen.com/english/advisories/2010/0239 DSA-1983 http://www.debian.org/security/2010/dsa-1983 FEDORA-2010-3556 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html MDVSA-2010:031 http://www.mandriva.com/security/advisories?name=MDVSA-2010:031 [oss-security] 20100129 Re: CVE id request: Wireshark http://www.openwall.com/lists/oss-security/2010/01/29/4 http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname http://www.wireshark.org/security/wnpa-sec-2010-01.html http://www.wireshark.org/security/wnpa-sec-2010-02.html oval:org.mitre.oval:def:8490 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8490 oval:org.mitre.oval:def:9933 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9933 wireshark-lwres-bo(55951) https://exchange.xforce.ibmcloud.com/vulnerabilities/55951
Copyright	Copyright (C) 2010 E-Soft Inc.