‫ Wireshark Multiple Vulnerabilities

IRCAD2013022453
ID: IRCAD2013022453
Release Date: 2013-01-30
Criticality level: Highly critical
 
Software:
Wireshark 1.x
 
Description:
Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets.
2) An error in the CLNP dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.
3) An error in the DTN dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.
4) An error in the MS-MMC dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.
5) An error in the DTLS dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.
6) An error in the ROHC dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.
7) An error in the DCP-ETSI dissector when processing certain packets can be exploited to cause a memory corruption via a specially crafted packet.
8) An error in the dissection engine when processing certain packets can be exploited to cause a crash via a specially crafted packet.
9) An error in the NTLMSSP dissector when processing certain packets can be exploited to cause a buffer overflow via a specially crafted packet.
Successful exploitation of vulnerabilities #7 and #9 may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 1.8.5 and 1.6.13.
 
Solution
Update to version 1.8.5 or 1.6.13.
 
References:
 
Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 14 بهمن 1391

امتیاز

امتیاز شما
تعداد امتیازها:0