Executive Summary

Informations
NameMDVSA-2011:007First vendor Publication2011-01-14
VendorMandrivaLast vendor Modification2011-01-14
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability has been found and corrected in wireshark:

Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs (CVE-2011-0444).

The updated packages have been upgraded to the latest version (1.2.14) which is not affected by this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:007

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14283
 
Oval ID: oval:org.mitre.oval:def:14283
Title: Buffer overflow in the MAC-LTE dissector in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2
Description: Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0444
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Wireshark
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application18

OpenVAS Exploits

DateDescription
2012-07-30Name : Wireshark MAC-LTE dissector Buffer Overflow Vulnerability (Mac OS X)
File : nvt/gb_wireshark_mac_lte_dissector_bof_vuln_mac.nasl
2012-06-06Name : RedHat Update for wireshark RHSA-2011:0369-01
File : nvt/gb_RHSA-2011_0369-01_wireshark.nasl
2012-02-12Name : Gentoo Security Advisory GLSA 201110-02 (wireshark)
File : nvt/glsa_201110_02.nasl
2011-02-04Name : Fedora Update for wireshark FEDORA-2011-0460
File : nvt/gb_fedora_2011_0460_wireshark_fc13.nasl
2011-02-04Name : Fedora Update for wireshark FEDORA-2011-0450
File : nvt/gb_fedora_2011_0450_wireshark_fc14.nasl
2011-01-31Name : Wireshark MAC-LTE dissector Buffer Overflow Vulnerability (Win)
File : nvt/gb_wireshark_mac_lte_dissector_bof_vuln_win.nasl
2011-01-21Name : Mandriva Update for wireshark MDVSA-2011:007 (wireshark)
File : nvt/gb_mandriva_MDVSA_2011_007.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
70403Wireshark MAC-LTE Dissector RAR Saturation Overflow

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0369.nasl - Type : ACT_GATHER_INFO
2011-10-10Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-02.nasl - Type : ACT_GATHER_INFO
2011-04-07Name : The remote SuSE 11 host is missing a security update.
File : suse_11_wireshark-110331.nasl - Type : ACT_GATHER_INFO
2011-03-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0369.nasl - Type : ACT_GATHER_INFO
2011-02-03Name : The remote Fedora host is missing a security update.
File : fedora_2011-0450.nasl - Type : ACT_GATHER_INFO
2011-02-03Name : The remote Fedora host is missing a security update.
File : fedora_2011-0460.nasl - Type : ACT_GATHER_INFO
2011-01-28Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-007.nasl - Type : ACT_GATHER_INFO
2011-01-12Name : The remote Windows host contains an application that is affected by multiple ...
File : wireshark_1_4_3.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:42:00
  • Multiple Updates