Denial of Service : Wireshark ANSI A MAP Files Denial of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802766

Categoría: Denial of Service

Título: Wireshark ANSI A MAP Files Denial of Service Vulnerability - Mac OS X

Resumen: Wireshark is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Wireshark is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The flaw is caused to an infinite loop was found in the way ANSI A interface
dissector of the Wireshark network traffic analyzer processed certain ANSI A
MAP capture files. If Wireshark read a malformed packet off a network or
opened a malicious packet capture file, it could lead to denial of service.

Vulnerability Impact:
Successful exploitation allows attackers to crash an affected application,
denying service to legitimate users.

Affected Software/OS:
Wireshark version 1.6.0
Wireshark version 1.4.x to 1.4.7 on Mac OS X

Solution:
Upgrade to Wireshark version 1.4.8 or 1.6.1 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2698
45086
http://secunia.com/advisories/45086
45574
http://secunia.com/advisories/45574
48947
http://secunia.com/advisories/48947
49071
http://www.securityfocus.com/bid/49071
FEDORA-2011-9638
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html
FEDORA-2011-9640
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html
RHSA-2013:0125
http://rhn.redhat.com/errata/RHSA-2013-0125.html
[oss-security] 20110719 CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector
http://www.openwall.com/lists/oss-security/2011/07/19/5
[oss-security] 20110720 Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector
http://www.openwall.com/lists/oss-security/2011/07/20/2
http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930
http://www.wireshark.org/security/wnpa-sec-2011-10.html
http://www.wireshark.org/security/wnpa-sec-2011-11.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044
https://bugzilla.redhat.com/show_bug.cgi?id=723215
oval:org.mitre.oval:def:14610
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14610
wireshark-ansiamap-dos(69074)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69074

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802766
Categoría:	Denial of Service
Título:	Wireshark ANSI A MAP Files Denial of Service Vulnerability - Mac OS X
Resumen:	Wireshark is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Wireshark is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is caused to an infinite loop was found in the way ANSI A interface dissector of the Wireshark network traffic analyzer processed certain ANSI A MAP capture files. If Wireshark read a malformed packet off a network or opened a malicious packet capture file, it could lead to denial of service. Vulnerability Impact: Successful exploitation allows attackers to crash an affected application, denying service to legitimate users. Affected Software/OS: Wireshark version 1.6.0 Wireshark version 1.4.x to 1.4.7 on Mac OS X Solution: Upgrade to Wireshark version 1.4.8 or 1.6.1 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2698 45086 http://secunia.com/advisories/45086 45574 http://secunia.com/advisories/45574 48947 http://secunia.com/advisories/48947 49071 http://www.securityfocus.com/bid/49071 FEDORA-2011-9638 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063586.html FEDORA-2011-9640 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html RHSA-2013:0125 http://rhn.redhat.com/errata/RHSA-2013-0125.html [oss-security] 20110719 CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector http://www.openwall.com/lists/oss-security/2011/07/19/5 [oss-security] 20110720 Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector http://www.openwall.com/lists/oss-security/2011/07/20/2 http://anonsvn.wireshark.org/viewvc?view=revision&revision=37930 http://www.wireshark.org/security/wnpa-sec-2011-10.html http://www.wireshark.org/security/wnpa-sec-2011-11.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6044 https://bugzilla.redhat.com/show_bug.cgi?id=723215 oval:org.mitre.oval:def:14610 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14610 wireshark-ansiamap-dos(69074) https://exchange.xforce.ibmcloud.com/vulnerabilities/69074
Copyright	Copyright (C) 2012 Greenbone AG