CVE-2008-3146

Executive Summary

Informations
Name	CVE-2008-3146	First vendor Publication	2008-09-02
Vendor	Cve	Last vendor Modification	2011-03-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3146

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10624

Oval ID:	oval:org.mitre.oval:def:10624
Title:	Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.
Description:	Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-3146	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section wireshark is earlier than 0:1.0.3-EL3.3 AND wireshark-gnome is earlier than 0:1.0.3-EL3.3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section wireshark is earlier than 0:1.0.3-3.el4_7 AND wireshark-gnome is earlier than 0:1.0.3-3.el4_7 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section wireshark is earlier than 0:1.0.3-4.el5_2 AND wireshark-gnome is earlier than 0:1.0.3-4.el5_2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Wireshark Wireshark cpe:/a:wireshark:wireshark:1.0.2 cpe:/a:wireshark:wireshark:1.0.1 cpe:/a:wireshark:wireshark:1.0.0 cpe:/a:wireshark:wireshark:1.0 cpe:/a:wireshark:wireshark:0.99.8 cpe:/a:wireshark:wireshark:0.99.7 cpe:/a:wireshark:wireshark:0.99.6a cpe:/a:wireshark:wireshark:0.99.6 cpe:/a:wireshark:wireshark:0.99.5 cpe:/a:wireshark:wireshark:0.99.4 cpe:/a:wireshark:wireshark:0.99.3 cpe:/a:wireshark:wireshark:0.99.2 cpe:/a:wireshark:wireshark:0.99.1 cpe:/a:wireshark:wireshark:0.99.0 cpe:/a:wireshark:wireshark:0.99 cpe:/a:wireshark:wireshark:0.9.8 cpe:/a:wireshark:wireshark:0.9.7	17

Open Source Vulnerability Database (OSVDB)

id	Description
47931	Wireshark NCP Dissector Multiple Unspecified Overflows

Internal Sources (Detail)

Source	Url
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/496487/100/0/threaded
CONFIRM	http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675 http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278 http://www.wireshark.org/security/wnpa-sec-2008-05.html
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-September/msg007... https://www.redhat.com/archives/fedora-package-announce/2008-September/msg007...
GENTOO	http://security.gentoo.org/glsa/glsa-200809-17.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:199
REDHAT	http://www.redhat.com/support/errata/RHSA-2008-0890.html
SECTRACK	http://www.securitytracker.com/id?1020819
SECUNIA	http://secunia.com/advisories/31687 http://secunia.com/advisories/31864 http://secunia.com/advisories/31886 http://secunia.com/advisories/32028 http://secunia.com/advisories/32091
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
VUPEN	http://www.vupen.com/english/advisories/2008/2773

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:21:25	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	17
osvdb(s)	1

Related	Severity
RHSA-2008:0890	(Critical)
MDVSA-2008:199	(Critical)
GLSA-200809-17	(Critical)

Same Subject	Severity
Login to view 13 more Alert(s)

CVE-2008-3146

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU