Wireshark Multiple Vulnerabilities

ID: IRCAD2013092881
Release Date: 2013-09-11
Criticality level: Highly critical
Software:
Wireshark 1.x
Description:
Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) An error in the Bluetooth HCI ACL dissector (dissectors/packet-bthci_acl.c) can be exploited to cause a crash.
This vulnerability is reported in versions 1.10.0 and 1.10.1.
2) An error in the NBAP dissector (dissectors/packet-nbap.c) can be exploited to cause a crash.
3) An error in the ASSA R3 dissector (dissectors/packet-assa_r3.c) can be exploited to cause an infinite loop and consume CPU resources.
4) An error in the RTPS dissector (dissectors/packet-rtsp.c) can be exploited to cause a buffer overflow.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
5) An error in the MQ dissector (dissectors/packet-mq.c) can be exploited to cause a crash.
6) An error in the LDAP dissector (dissectors/packet-ldap.c) can be exploited to cause a crash.
7) An error in the Netmon file parser (wiretap/netmon.c) can be exploited to cause a crash via a specially crafted packet trace file.
The vulnerabilities #2 through #7 are reported in versions 1.8.0 through 1.8.9, 1.10.0, and 1.10.1.
Solution:
Update to version 1.8.10 or 1.10.2.
References:
Secunia
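A version check built from the ranges in this advisory, as an added example (not part of the original advisory or of Wireshark): it maps a reported version string to the numbered items above and to the fixed release for that branch. The function names, hostnames and sample version strings are assumptions made for the illustration.

```python
import re

# Ranges exactly as stated in the advisory above:
#   item 1: 1.10.0 and 1.10.1
#   items 2-7: 1.8.0 through 1.8.9, 1.10.0 and 1.10.1
FIXED = {(1, 8): 10, (1, 10): 2}  # first fixed patch level per branch
ITEMS = {
    (1, 8): [2, 3, 4, 5, 6, 7],
    (1, 10): [1, 2, 3, 4, 5, 6, 7],
}

def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'TShark 1.10.1'."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\d)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def assess(version_text):
    """Return (advisory item numbers that apply, upgrade target or None).

    An empty result means the version is not listed in this advisory;
    it says nothing about issues covered elsewhere.
    """
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch not in FIXED or patch >= FIXED[branch]:
        return [], None
    return ITEMS[branch], f"{major}.{minor}.{FIXED[branch]}"

def audit(inventory):
    """Assess each host; unparseable version strings map to None."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = assess(version_text)
        except ValueError:
            report[host] = None  # flag for manual review
    return report

if __name__ == "__main__":
    # Constructed inventory: hostnames and strings are made up.
    sample = {"analyst-01": "TShark 1.10.1", "analyst-02": "wireshark 1.8.9",
              "sensor-03": "1.10.2", "sensor-04": "1.8.10", "lab-05": "unknown"}
    for host, result in audit(sample).items():
        print(host, result)
```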

Date created: 27 Shahrivar 1392
