MDVSA-2011:007

Executive Summary

Informations
Name	MDVSA-2011:007	First vendor Publication	2011-01-14
Vendor	Mandriva	Last vendor Modification	2011-01-14
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability has been found and corrected in wireshark:

Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs (CVE-2011-0444).

The updated packages have been upgraded to the latest version (1.2.14) which is not affected by this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:007

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14283

Oval ID:	oval:org.mitre.oval:def:14283
Title:	Buffer overflow in the MAC-LTE dissector in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2
Description:	Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-0444	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Wireshark
Definition Synopsis:
Wireshark is installed on the system. AND Version of Wireshark is 1.2.0 through 1.2.13 or 1.4.0 through 1.4.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Wireshark Wireshark cpe:/a:wireshark:wireshark:1.4.2 cpe:/a:wireshark:wireshark:1.4.1 cpe:/a:wireshark:wireshark:1.4.0 cpe:/a:wireshark:wireshark:1.2.9 cpe:/a:wireshark:wireshark:1.2.8 cpe:/a:wireshark:wireshark:1.2.7 cpe:/a:wireshark:wireshark:1.2.6 cpe:/a:wireshark:wireshark:1.2.5 cpe:/a:wireshark:wireshark:1.2.4 cpe:/a:wireshark:wireshark:1.2.3 cpe:/a:wireshark:wireshark:1.2.2 cpe:/a:wireshark:wireshark:1.2.13 cpe:/a:wireshark:wireshark:1.2.12 cpe:/a:wireshark:wireshark:1.2.11 cpe:/a:wireshark:wireshark:1.2.10 cpe:/a:wireshark:wireshark:1.2.1 cpe:/a:wireshark:wireshark:1.2.0 cpe:/a:wireshark:wireshark:1.2	18

Open Source Vulnerability Database (OSVDB)

id	Description
70403	Wireshark MAC-LTE Dissector RAR Saturation Overflow

Type	Count
Oval ID(s)	1
CPE ID(s)	18
osvdb(s)	1

Related	Severity
CVE-2011-0444	(Critical)

Same Subject	Severity
Login to view 2 more Alert(s)

MDVSA-2011:007

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU