Denial of Service : Wireshark Multiple Denial of Service Vulnerabilities-01 (Aug 2014)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804801

Categoría: Denial of Service

Título: Wireshark Multiple Denial of Service Vulnerabilities-01 (Aug 2014) - Mac OS X

Resumen: Wireshark is prone to multiple denial of service vulnerabilities.

Descripción: Summary:
Wireshark is prone to multiple denial of service vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An error in 'dissect_log' function in plugins/irda/packet-irda.c within the
ASN.1 BER dissector.

- An error in 'read_new_line' function in wiretap/catapult_dct2000.c within the
Catapult DCT2000 dissector.

- An error in 'APN decode' functionality in epan/dissectors/packet-gtp.c and
epan/dissectors/packet-gsm_a_gm.c within the GTP and GSM Management dissectors.

- An error in 'rlc_decode_li' function in epan/dissectors/packet-rlc.c within
the RLC dissector.

- An error in 'dissect_ber_constrained_bitstring' function in
epan/dissectors/packet-ber.c within the ASN.1 BER dissector.

Vulnerability Impact:
Successful exploitation will allow attackers to conduct a DoS (Denial of
Service).

Affected Software/OS:
Wireshark version 1.10.x before 1.10.9 on Mac OS X

Solution:
Upgrade to Wireshark version 1.10.9 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-5161
Debian Security Information: DSA-3002 (Google Search)
http://www.debian.org/security/2014/dsa-3002
http://secunia.com/advisories/57593
SuSE Security Announcement: SUSE-SU-2014:1221 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
SuSE Security Announcement: openSUSE-SU-2014:1038 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2014:1249 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-5162
Common Vulnerability Exposure (CVE) ID: CVE-2014-5163
Common Vulnerability Exposure (CVE) ID: CVE-2014-5164
Common Vulnerability Exposure (CVE) ID: CVE-2014-5165

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804801
Categoría:	Denial of Service
Título:	Wireshark Multiple Denial of Service Vulnerabilities-01 (Aug 2014) - Mac OS X
Resumen:	Wireshark is prone to multiple denial of service vulnerabilities.
Descripción:	Summary: Wireshark is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An error in 'dissect_log' function in plugins/irda/packet-irda.c within the ASN.1 BER dissector. - An error in 'read_new_line' function in wiretap/catapult_dct2000.c within the Catapult DCT2000 dissector. - An error in 'APN decode' functionality in epan/dissectors/packet-gtp.c and epan/dissectors/packet-gsm_a_gm.c within the GTP and GSM Management dissectors. - An error in 'rlc_decode_li' function in epan/dissectors/packet-rlc.c within the RLC dissector. - An error in 'dissect_ber_constrained_bitstring' function in epan/dissectors/packet-ber.c within the ASN.1 BER dissector. Vulnerability Impact: Successful exploitation will allow attackers to conduct a DoS (Denial of Service). Affected Software/OS: Wireshark version 1.10.x before 1.10.9 on Mac OS X Solution: Upgrade to Wireshark version 1.10.9 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5161 Debian Security Information: DSA-3002 (Google Search) http://www.debian.org/security/2014/dsa-3002 http://secunia.com/advisories/57593 SuSE Security Announcement: SUSE-SU-2014:1221 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html SuSE Security Announcement: openSUSE-SU-2014:1038 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html SuSE Security Announcement: openSUSE-SU-2014:1249 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html Common Vulnerability Exposure (CVE) ID: CVE-2014-5162 Common Vulnerability Exposure (CVE) ID: CVE-2014-5163 Common Vulnerability Exposure (CVE) ID: CVE-2014-5164 Common Vulnerability Exposure (CVE) ID: CVE-2014-5165
Copyright	Copyright (C) 2014 Greenbone AG