Buffer overflow : Wireshark Multiple Buffer Overflow Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800289

Categoría: Buffer overflow

Título: Wireshark Multiple Buffer Overflow Vulnerabilities - Linux

Resumen: Wireshark is prone to multiple Buffer Overflow vulnerabilities.

Descripción: Summary:
Wireshark is prone to multiple Buffer Overflow vulnerabilities.

Vulnerability Insight:
The flaws are caused by buffer overflow errors in the LWRES dissector when
processing malformed data or packets.

Vulnerability Impact:
Successful exploitation allows attackers to crash an affected application or
potentially execute arbitrary code.

Affected Software/OS:
Wireshark version 1.2.0 to 1.2.5 and 0.9.15 to 1.0.10

Solution:
Upgrade to Wireshark 1.2.6 or 1.0.11

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0304
1023516
http://www.securitytracker.com/id?1023516
37985
http://www.securityfocus.com/bid/37985
38257
http://secunia.com/advisories/38257
38348
http://secunia.com/advisories/38348
38829
http://secunia.com/advisories/38829
61987
http://osvdb.org/61987
ADV-2010-0239
http://www.vupen.com/english/advisories/2010/0239
DSA-1983
http://www.debian.org/security/2010/dsa-1983
FEDORA-2010-3556
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html
MDVSA-2010:031
http://www.mandriva.com/security/advisories?name=MDVSA-2010:031
[oss-security] 20100129 Re: CVE id request: Wireshark
http://www.openwall.com/lists/oss-security/2010/01/29/4
http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h
http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname
http://www.wireshark.org/security/wnpa-sec-2010-01.html
http://www.wireshark.org/security/wnpa-sec-2010-02.html
oval:org.mitre.oval:def:8490
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8490
oval:org.mitre.oval:def:9933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9933
wireshark-lwres-bo(55951)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55951

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800289
Categoría:	Buffer overflow
Título:	Wireshark Multiple Buffer Overflow Vulnerabilities - Linux
Resumen:	Wireshark is prone to multiple Buffer Overflow vulnerabilities.
Descripción:	Summary: Wireshark is prone to multiple Buffer Overflow vulnerabilities. Vulnerability Insight: The flaws are caused by buffer overflow errors in the LWRES dissector when processing malformed data or packets. Vulnerability Impact: Successful exploitation allows attackers to crash an affected application or potentially execute arbitrary code. Affected Software/OS: Wireshark version 1.2.0 to 1.2.5 and 0.9.15 to 1.0.10 Solution: Upgrade to Wireshark 1.2.6 or 1.0.11 CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0304 1023516 http://www.securitytracker.com/id?1023516 37985 http://www.securityfocus.com/bid/37985 38257 http://secunia.com/advisories/38257 38348 http://secunia.com/advisories/38348 38829 http://secunia.com/advisories/38829 61987 http://osvdb.org/61987 ADV-2010-0239 http://www.vupen.com/english/advisories/2010/0239 DSA-1983 http://www.debian.org/security/2010/dsa-1983 FEDORA-2010-3556 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html MDVSA-2010:031 http://www.mandriva.com/security/advisories?name=MDVSA-2010:031 [oss-security] 20100129 Re: CVE id request: Wireshark http://www.openwall.com/lists/oss-security/2010/01/29/4 http://anonsvn.wireshark.org/viewvc/trunk-1.2/epan/dissectors/packet-lwres.c?view=diff&r1=31596&r2=28492&diff_format=h http://www.metasploit.com/modules/exploit/multi/misc/wireshark_lwres_getaddrbyname http://www.wireshark.org/security/wnpa-sec-2010-01.html http://www.wireshark.org/security/wnpa-sec-2010-02.html oval:org.mitre.oval:def:8490 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8490 oval:org.mitre.oval:def:9933 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9933 wireshark-lwres-bo(55951) https://exchange.xforce.ibmcloud.com/vulnerabilities/55951
Copyright	Copyright (C) 2010 Greenbone AG