Denial of Service : Wireshark X.509if Dissector DoS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801785

Categoría: Denial of Service

Título: Wireshark X.509if Dissector DoS Vulnerability - Windows

Resumen: Wireshark is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Wireshark is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The flaw is caused by an error in the 'X.509if' dissector when processing
malformed data, which could be exploited to crash an affected application.

Vulnerability Impact:
Successful exploitation could allow attackers to cause a denial of service via
a crafted .pcap file.

Affected Software/OS:
Wireshark version 1.2.0 through 1.2.15
Wireshark version 1.4.0 through 1.4.4

Solution:
Upgrade to the Wireshark version 1.4.5 or 1.2.16 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1590
1025388
http://securitytracker.com/id?1025388
44172
http://secunia.com/advisories/44172
44374
http://secunia.com/advisories/44374
44822
http://secunia.com/advisories/44822
45149
http://secunia.com/advisories/45149
48947
http://secunia.com/advisories/48947
71846
http://www.osvdb.org/71846
ADV-2011-1022
http://www.vupen.com/english/advisories/2011/1022
ADV-2011-1106
http://www.vupen.com/english/advisories/2011/1106
DSA-2274
http://www.debian.org/security/2011/dsa-2274
FEDORA-2011-5529
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058993.html
FEDORA-2011-5569
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058983.html
FEDORA-2011-5621
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058900.html
MDVSA-2011:083
http://www.mandriva.com/security/advisories?name=MDVSA-2011:083
SUSE-SU-2011:0611
https://hermes.opensuse.org/messages/8701428
[oss-security] 20110418 Re: Wireshark 1.2.16 / 1.4.5
http://openwall.com/lists/oss-security/2011/04/18/8
[oss-security] 20110418 Wireshark 1.2.16 / 1.4.5
http://openwall.com/lists/oss-security/2011/04/18/2
http://anonsvn.wireshark.org/viewvc?revision=36608&view=revision
http://www.wireshark.org/security/wnpa-sec-2011-05.html
http://www.wireshark.org/security/wnpa-sec-2011-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5793
oval:org.mitre.oval:def:15050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15050

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801785
Categoría:	Denial of Service
Título:	Wireshark X.509if Dissector DoS Vulnerability - Windows
Resumen:	Wireshark is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Wireshark is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is caused by an error in the 'X.509if' dissector when processing malformed data, which could be exploited to crash an affected application. Vulnerability Impact: Successful exploitation could allow attackers to cause a denial of service via a crafted .pcap file. Affected Software/OS: Wireshark version 1.2.0 through 1.2.15 Wireshark version 1.4.0 through 1.4.4 Solution: Upgrade to the Wireshark version 1.4.5 or 1.2.16 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1590 1025388 http://securitytracker.com/id?1025388 44172 http://secunia.com/advisories/44172 44374 http://secunia.com/advisories/44374 44822 http://secunia.com/advisories/44822 45149 http://secunia.com/advisories/45149 48947 http://secunia.com/advisories/48947 71846 http://www.osvdb.org/71846 ADV-2011-1022 http://www.vupen.com/english/advisories/2011/1022 ADV-2011-1106 http://www.vupen.com/english/advisories/2011/1106 DSA-2274 http://www.debian.org/security/2011/dsa-2274 FEDORA-2011-5529 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058993.html FEDORA-2011-5569 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058983.html FEDORA-2011-5621 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058900.html MDVSA-2011:083 http://www.mandriva.com/security/advisories?name=MDVSA-2011:083 SUSE-SU-2011:0611 https://hermes.opensuse.org/messages/8701428 [oss-security] 20110418 Re: Wireshark 1.2.16 / 1.4.5 http://openwall.com/lists/oss-security/2011/04/18/8 [oss-security] 20110418 Wireshark 1.2.16 / 1.4.5 http://openwall.com/lists/oss-security/2011/04/18/2 http://anonsvn.wireshark.org/viewvc?revision=36608&view=revision http://www.wireshark.org/security/wnpa-sec-2011-05.html http://www.wireshark.org/security/wnpa-sec-2011-06.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5793 oval:org.mitre.oval:def:15050 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15050
Copyright	Copyright (C) 2011 Greenbone AG