Buffer overflow : Wireshark ENTTEC DMX Data RLE Buffer Overflow Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801828

Categoría: Buffer overflow

Título: Wireshark ENTTEC DMX Data RLE Buffer Overflow Vulnerability - Windows

Resumen: Wireshark is prone to a buffer overflow vulnerability.

Descripción: Summary:
Wireshark is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The flaw is caused by a boundary error in the 'dissect_enttec_dmx_data()'
function when processing RLE Compressed DMX data of the ENTTEC protocol
which can be exploited to cause a buffer overflow via a specially crafted packet.

Vulnerability Impact:
Successful exploitation will allow attackers to create a denial of service
or execute arbitrary code.

Affected Software/OS:
Wireshark version 1.4.2.

Solution:
Upgrade to the latest version of Wireshark 1.4.3.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-4538
1024930
http://www.securitytracker.com/id?1024930
42767
http://secunia.com/advisories/42767
42853
http://secunia.com/advisories/42853
42910
http://secunia.com/advisories/42910
42914
http://secunia.com/advisories/42914
45634
http://www.securityfocus.com/bid/45634
70244
http://osvdb.org/70244
ADV-2011-0008
http://www.vupen.com/english/advisories/2011/0008
ADV-2011-0053
http://www.vupen.com/english/advisories/2011/0053
ADV-2011-0069
http://www.vupen.com/english/advisories/2011/0069
ADV-2011-0079
http://www.vupen.com/english/advisories/2011/0079
ADV-2011-0099
http://www.vupen.com/english/advisories/2011/0099
ADV-2011-0110
http://www.vupen.com/english/advisories/2011/0110
DSA-2144
http://www.debian.org/security/2011/dsa-2144
FEDORA-2011-0128
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053042.html
FEDORA-2011-0167
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053061.html
MDVSA-2011:002
http://www.mandriva.com/security/advisories?name=MDVSA-2011:002
RHSA-2011:0013
http://www.redhat.com/support/errata/RHSA-2011-0013.html
[oss-security] 20101231 CVE Request: Wireshark
http://openwall.com/lists/oss-security/2010/12/31/7
[oss-security] 20110103 Re: CVE Request: Wireshark
http://openwall.com/lists/oss-security/2011/01/03/8
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5539
oval:org.mitre.oval:def:14937
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14937

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801828
Categoría:	Buffer overflow
Título:	Wireshark ENTTEC DMX Data RLE Buffer Overflow Vulnerability - Windows
Resumen:	Wireshark is prone to a buffer overflow vulnerability.
Descripción:	Summary: Wireshark is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is caused by a boundary error in the 'dissect_enttec_dmx_data()' function when processing RLE Compressed DMX data of the ENTTEC protocol which can be exploited to cause a buffer overflow via a specially crafted packet. Vulnerability Impact: Successful exploitation will allow attackers to create a denial of service or execute arbitrary code. Affected Software/OS: Wireshark version 1.4.2. Solution: Upgrade to the latest version of Wireshark 1.4.3. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4538 1024930 http://www.securitytracker.com/id?1024930 42767 http://secunia.com/advisories/42767 42853 http://secunia.com/advisories/42853 42910 http://secunia.com/advisories/42910 42914 http://secunia.com/advisories/42914 45634 http://www.securityfocus.com/bid/45634 70244 http://osvdb.org/70244 ADV-2011-0008 http://www.vupen.com/english/advisories/2011/0008 ADV-2011-0053 http://www.vupen.com/english/advisories/2011/0053 ADV-2011-0069 http://www.vupen.com/english/advisories/2011/0069 ADV-2011-0079 http://www.vupen.com/english/advisories/2011/0079 ADV-2011-0099 http://www.vupen.com/english/advisories/2011/0099 ADV-2011-0110 http://www.vupen.com/english/advisories/2011/0110 DSA-2144 http://www.debian.org/security/2011/dsa-2144 FEDORA-2011-0128 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053042.html FEDORA-2011-0167 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053061.html MDVSA-2011:002 http://www.mandriva.com/security/advisories?name=MDVSA-2011:002 RHSA-2011:0013 http://www.redhat.com/support/errata/RHSA-2011-0013.html [oss-security] 20101231 CVE Request: Wireshark http://openwall.com/lists/oss-security/2010/12/31/7 [oss-security] 20110103 Re: CVE Request: Wireshark http://openwall.com/lists/oss-security/2011/01/03/8 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5539 oval:org.mitre.oval:def:14937 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14937
Copyright	Copyright (C) 2011 Greenbone AG