Denial of Service : Wireshark DOCSIS Dissector Denial of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801208

Categoría: Denial of Service

Título: Wireshark DOCSIS Dissector Denial of Service Vulnerability - Windows

Resumen: Wireshark is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Wireshark is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The flaw is caused by an error in the DOCSIS (Data Over Cable Service Interface
Specification) dissector when processing malformed data. An attacker can exploit this vulnerability by tricking a
user into opening a malformed packet trace file.

Vulnerability Impact:
Successful exploitation will allow attackers to crash the application.

Affected Software/OS:
Wireshark Version 0.9.6 through 1.0.12 and Wireshark Version 1.2.0 through 1.2.7.

Solution:
Upgrade to the latest version of Wireshark 1.2.8 or 1.0.13.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1455
39661
http://secunia.com/advisories/39661
39950
http://www.securityfocus.com/bid/39950
42877
http://secunia.com/advisories/42877
43068
http://secunia.com/advisories/43068
64363
http://www.osvdb.org/64363
ADV-2010-1081
http://www.vupen.com/english/advisories/2010/1081
ADV-2011-0076
http://www.vupen.com/english/advisories/2011/0076
ADV-2011-0212
http://www.vupen.com/english/advisories/2011/0212
MDVSA-2010:099
http://www.mandriva.com/security/advisories?name=MDVSA-2010:099
SUSE-SR:2011:001
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
SUSE-SR:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
[oss-security] 20100507 Re: CVE Assignment (wireshark)
http://www.openwall.com/lists/oss-security/2010/05/07/7
http://www.wireshark.org/security/wnpa-sec-2010-03.html
http://www.wireshark.org/security/wnpa-sec-2010-04.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646
oval:org.mitre.oval:def:7331
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7331
wireshark-docsis-dos(58362)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58362

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801208
Categoría:	Denial of Service
Título:	Wireshark DOCSIS Dissector Denial of Service Vulnerability - Windows
Resumen:	Wireshark is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Wireshark is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is caused by an error in the DOCSIS (Data Over Cable Service Interface Specification) dissector when processing malformed data. An attacker can exploit this vulnerability by tricking a user into opening a malformed packet trace file. Vulnerability Impact: Successful exploitation will allow attackers to crash the application. Affected Software/OS: Wireshark Version 0.9.6 through 1.0.12 and Wireshark Version 1.2.0 through 1.2.7. Solution: Upgrade to the latest version of Wireshark 1.2.8 or 1.0.13. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1455 39661 http://secunia.com/advisories/39661 39950 http://www.securityfocus.com/bid/39950 42877 http://secunia.com/advisories/42877 43068 http://secunia.com/advisories/43068 64363 http://www.osvdb.org/64363 ADV-2010-1081 http://www.vupen.com/english/advisories/2010/1081 ADV-2011-0076 http://www.vupen.com/english/advisories/2011/0076 ADV-2011-0212 http://www.vupen.com/english/advisories/2011/0212 MDVSA-2010:099 http://www.mandriva.com/security/advisories?name=MDVSA-2010:099 SUSE-SR:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html [oss-security] 20100507 Re: CVE Assignment (wireshark) http://www.openwall.com/lists/oss-security/2010/05/07/7 http://www.wireshark.org/security/wnpa-sec-2010-03.html http://www.wireshark.org/security/wnpa-sec-2010-04.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4644 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4646 oval:org.mitre.oval:def:7331 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7331 wireshark-docsis-dos(58362) https://exchange.xforce.ibmcloud.com/vulnerabilities/58362
Copyright	Copyright (C) 2010 Greenbone AG