Wireshark Multiple Vulnerabilities

ID: IRCAD2013062726
Release Date: 2013-06-10
Criticality level: Highly critical
 
Software:
Wireshark 1.x
 
Description:
Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) An error in the CAPWAP dissector (dissectors/packet-capwap.c) can be exploited to cause a crash via specially crafted packets.
2) An error in the GMR-1 BCCH dissector (dissectors/packet-gmr1_bcch.c) can be exploited to cause a crash via specially crafted packets.
3) An error in the PPP dissector (dissectors/packet-ppp.c) can be exploited to cause a crash via specially crafted packets.
4) An error in the NBAP dissector (dissectors/packet-nbap.c) can be exploited to cause a crash via specially crafted packets.
5) An error in the RDP dissector (dissectors/packet-rdp.c) can be exploited to cause a crash via specially crafted packets.
6) An error in the GSM CBCH dissector (dissectors/packet-gsm_cbch.c) can be exploited to cause a crash via specially crafted packets.
7) An error in the Assa Abloy R3 dissector (dissectors/packet-assa_r3.c) can be exploited to cause excessive memory and CPU consumption.
8) An error in the HTTP dissector (dissectors/packet-http.c) when processing certain packets can be exploited to cause a stack overflow via a specially crafted packet.
9) An error in the Ixia IxVeriWave file parser (wiretap/vwr.c) when processing certain packets can be exploited to cause a heap-based buffer overflow via a specially crafted packet.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
The vulnerabilities #2 through #7 and #9 are reported in versions 1.8.0 through 1.8.7.
10) An error in the DCP ETSI dissector (dissectors/packet-dcp-etsi.c) can be exploited to cause a crash via specially crafted packets.
The vulnerabilities #1, #8, and #10 are reported in versions 1.6.0 through 1.6.15 and 1.8.0 through 1.8.7.
 
Solution:
Update to version 1.6.16 or 1.8.8.
 
References:
 
Secunia:
 
 

Date created: 21 Khordad 1392
