 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.806029 |
| Category: | Denial of Service |
| Title: | Wireshark Multiple Denial-of-Service Vulnerabilities-01 (Aug 2015) - Windows |
| Summary: | Wireshark is prone to multiple denial of service vulnerabilities. |
| Description: | Summary: Wireshark is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An error in 'proto_tree_add_bytes_item' function in 'epan/proto.c' script in the protocol-tree implementation. - An error in 'wmem_block_split_free_chunk' function in 'epan/wmem/wmem_allocator_block.c' script in the wmem block allocator in the memory manager. - An error in 'dissector-table' implementation in 'epan/packet.c' script which mishandles table searches for empty strings. - An error in 'dissect_zbee_secure' function in 'epan/dissectors/packet-zbee-security.c' script in the ZigBee dissector. - Mishandling of datatype by 'epan/dissectors/packet-gsm_rlcmac.c' script in the GSM RLC/MAC dissector. - An error in 'dissect_wa_payload' function in 'epan/dissectors/packet-waveagent.c' script in the WaveAgent dissector. - Improper input validation of offset value by 'dissect_openflow_tablemod_v5' function in 'epan/dissectors/packet-openflow_v5.c' script. - Invalid data length checking by 'ptvcursor_add' function in the ptvcursor implementation in 'epan/proto.c' script. - An error in 'dissect_wccp2r1_address_table_info' function in 'epan/dissectors/packet-wccp.c' script. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct denial of service attack. Affected Software/OS: Wireshark version 1.12.x before 1.12.7 on Windows Solution: Upgrade Wireshark to version 1.12.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-6241 Debian Security Information: DSA-3367 (Google Search) http://www.debian.org/security/2015/dsa-3367 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165509.html http://www.securitytracker.com/id/1033272 SuSE Security Announcement: openSUSE-SU-2015:1836 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html Common Vulnerability Exposure (CVE) ID: CVE-2015-6242 Common Vulnerability Exposure (CVE) ID: CVE-2015-6243 BugTraq ID: 76384 http://www.securityfocus.com/bid/76384 Common Vulnerability Exposure (CVE) ID: CVE-2015-6244 BugTraq ID: 76383 http://www.securityfocus.com/bid/76383 Common Vulnerability Exposure (CVE) ID: CVE-2015-6245 BugTraq ID: 76382 http://www.securityfocus.com/bid/76382 Common Vulnerability Exposure (CVE) ID: CVE-2015-6246 BugTraq ID: 76381 http://www.securityfocus.com/bid/76381 Common Vulnerability Exposure (CVE) ID: CVE-2015-6247 Common Vulnerability Exposure (CVE) ID: CVE-2015-6248 BugTraq ID: 76387 http://www.securityfocus.com/bid/76387 Common Vulnerability Exposure (CVE) ID: CVE-2015-6249 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |