Denial of Service : Wireshark Multiple Vulnerabilities (Feb 2009)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800246

Categoría: Denial of Service

Título: Wireshark Multiple Vulnerabilities (Feb 2009) - Linux

Resumen: Wireshark is prone to multiple vulnerabilities.

Descripción: Summary:
Wireshark is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- a boundary error in the processing of NetScreen Snoop capture files.

- format string vulnerability in wireshark through format string specifiers
in the HOME environment variable.

- improper handling of Tektronix K12 text capture files as demonstrated by a
file with exactly one frame.

Vulnerability Impact:
Successful exploitation will let the attacker cause denial of service to the
application by crafting malicious packets.

Affected Software/OS:
Wireshark for Linux version 0.99.6 through 1.0.5.

Solution:
Upgrade to the latest version 1.0.6.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0599
BugTraq ID: 33690
http://www.securityfocus.com/bid/33690
Bugtraq: 20090312 rPSA-2009-0040-1 tshark wireshark (Google Search)
http://www.securityfocus.com/archive/1/501763/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00652.html
http://osvdb.org/51815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14732
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9677
http://www.redhat.com/support/errata/RHSA-2009-0313.html
http://www.securitytracker.com/id?1021697
http://secunia.com/advisories/33872
http://secunia.com/advisories/34144
http://secunia.com/advisories/34264
http://secunia.com/advisories/34344
SuSE Security Announcement: SUSE-SR:2009:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
http://www.vupen.com/english/advisories/2009/0370
Common Vulnerability Exposure (CVE) ID: CVE-2009-0600
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10853
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15041
Common Vulnerability Exposure (CVE) ID: CVE-2009-0601

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800246
Categoría:	Denial of Service
Título:	Wireshark Multiple Vulnerabilities (Feb 2009) - Linux
Resumen:	Wireshark is prone to multiple vulnerabilities.
Descripción:	Summary: Wireshark is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - a boundary error in the processing of NetScreen Snoop capture files. - format string vulnerability in wireshark through format string specifiers in the HOME environment variable. - improper handling of Tektronix K12 text capture files as demonstrated by a file with exactly one frame. Vulnerability Impact: Successful exploitation will let the attacker cause denial of service to the application by crafting malicious packets. Affected Software/OS: Wireshark for Linux version 0.99.6 through 1.0.5. Solution: Upgrade to the latest version 1.0.6. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0599 BugTraq ID: 33690 http://www.securityfocus.com/bid/33690 Bugtraq: 20090312 rPSA-2009-0040-1 tshark wireshark (Google Search) http://www.securityfocus.com/archive/1/501763/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00652.html http://osvdb.org/51815 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14732 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9677 http://www.redhat.com/support/errata/RHSA-2009-0313.html http://www.securitytracker.com/id?1021697 http://secunia.com/advisories/33872 http://secunia.com/advisories/34144 http://secunia.com/advisories/34264 http://secunia.com/advisories/34344 SuSE Security Announcement: SUSE-SR:2009:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://www.vupen.com/english/advisories/2009/0370 Common Vulnerability Exposure (CVE) ID: CVE-2009-0600 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10853 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15041 Common Vulnerability Exposure (CVE) ID: CVE-2009-0601
Copyright	Copyright (C) 2009 Greenbone AG