Executive Summary
Summary | |
---|---|
Title | wireshark security update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:0059 | First vendor Publication | 2008-01-21 |
Vendor | RedHat | Last vendor Modification | 2008-01-21 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark if it read a malformed packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117) Several denial of service bugs were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off the network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121, CVE-2007-6450, CVE-2007-6451) As well, Wireshark switched from using net-snmp to libsmi, which is included in this errata. Users of wireshark should upgrade to these updated packages, which contain Wireshark version 0.99.7, and resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 245796 - CVE-2007-3389 Wireshark crashes when inspecting HTTP traffic 245797 - CVE-2007-3391 Wireshark loops infinitely when inspecting DCP ETSI traffic 245798 - CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic 246221 - CVE-2007-3393 Wireshark corrupts the stack when inspecting BOOTP traffic 246225 - CVE-2007-3390 Wireshark crashes when inspecting iSeries traffic 246229 - CVE-2007-3392 Wireshark crashes when inspecting MMS traffic 397281 - CVE-2007-6113 wireshark DNP3 flaws 397291 - CVE-2007-6114 wireshark SSL and OS/400 trace flaws 397311 - CVE-2007-6115 wireshark ANSI MAP flaws 397331 - CVE-2007-6117 wireshark HTTP dissector flaws 397341 - CVE-2007-6118 wireshark MEGACO dissector flaws 397361 - CVE-2007-6120 wireshark Bluetooth SDP dissector flaws 397371 - CVE-2007-6121 wireshark RPC Portmap flaws 426337 - Wireshare rebase requires new libsmi package adding to rhel3 427253 - CVE-2007-6450 wireshark RPL dissector crash 427254 - CVE-2007-6451 wireshark CIP dissector crash |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0059.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
38 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
38 % | CWE-20 | Improper Input Validation |
12 % | CWE-399 | Resource Management Errors |
12 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10659 | |||
Oval ID: | oval:org.mitre.oval:def:10659 | ||
Title: | The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. | ||
Description: | The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6118 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10663 | |||
Oval ID: | oval:org.mitre.oval:def:10663 | ||
Title: | Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. | ||
Description: | Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3392 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10708 | |||
Oval ID: | oval:org.mitre.oval:def:10708 | ||
Title: | Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser. | ||
Description: | Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6114 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10865 | |||
Oval ID: | oval:org.mitre.oval:def:10865 | ||
Title: | Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. | ||
Description: | Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3390 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11010 | |||
Oval ID: | oval:org.mitre.oval:def:11010 | ||
Title: | Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. | ||
Description: | Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3393 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11374 | |||
Oval ID: | oval:org.mitre.oval:def:11374 | ||
Title: | Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. | ||
Description: | Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6121 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11442 | |||
Oval ID: | oval:org.mitre.oval:def:11442 | ||
Title: | The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | ||
Description: | The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6450 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11508 | |||
Oval ID: | oval:org.mitre.oval:def:11508 | ||
Title: | Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages. | ||
Description: | Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6117 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11672 | |||
Oval ID: | oval:org.mitre.oval:def:11672 | ||
Title: | Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. | ||
Description: | Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3391 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14578 | |||
Oval ID: | oval:org.mitre.oval:def:14578 | ||
Title: | ANSI MAP dissector vulnerability in Wireshark 0.99.5 to 0.99.6 | ||
Description: | Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-6115 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14802 | |||
Oval ID: | oval:org.mitre.oval:def:14802 | ||
Title: | Bluetooth SDP dissector vulnerability in Wireshark 0.99.2 to 0.99.6 | ||
Description: | The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-6120 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14911 | |||
Oval ID: | oval:org.mitre.oval:def:14911 | ||
Title: | DCP ETSI dissector vulnerability in Wireshark 0.99.5 | ||
Description: | Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3391 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18331 | |||
Oval ID: | oval:org.mitre.oval:def:18331 | ||
Title: | DSA-1414-1 wireshark - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1414-1 CVE-2007-6114 CVE-2007-6117 CVE-2007-6118 CVE-2007-6120 CVE-2007-6121 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18616 | |||
Oval ID: | oval:org.mitre.oval:def:18616 | ||
Title: | DSA-1322-1 wireshark | ||
Description: | Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1322-1 CVE-2007-3390 CVE-2007-3392 CVE-2007-3393 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20300 | |||
Oval ID: | oval:org.mitre.oval:def:20300 | ||
Title: | DSA-1446-1 wireshark denial of service | ||
Description: | Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1446-1 CVE-2007-6450 CVE-2007-6451 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21733 | |||
Oval ID: | oval:org.mitre.oval:def:21733 | ||
Title: | ELSA-2007:0710: wireshark security update (Low) | ||
Description: | Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0710-04 CVE-2007-3389 CVE-2007-3390 CVE-2007-3391 CVE-2007-3392 CVE-2007-3393 | Version: | 25 |
Platform(s): | Oracle Linux 5 | Product(s): | wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22589 | |||
Oval ID: | oval:org.mitre.oval:def:22589 | ||
Title: | ELSA-2008:0058: wireshark security update (Moderate) | ||
Description: | Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0058-01 CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6114 CVE-2007-6115 CVE-2007-6116 CVE-2007-6117 CVE-2007-6118 CVE-2007-6119 CVE-2007-6120 CVE-2007-6121 CVE-2007-6438 CVE-2007-6439 CVE-2007-6441 CVE-2007-6450 CVE-2007-6451 | Version: | 69 |
Platform(s): | Oracle Linux 5 | Product(s): | libsmi wireshark |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8307 | |||
Oval ID: | oval:org.mitre.oval:def:8307 | ||
Title: | DSA-1446 wireshark -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: The RPL dissector could be tricked into an infinite loop. The CIP dissector could be tricked into excessive memory allocation. For the old stable distribution (sarge), these problems have been fixed in version 0.10.10-2sarge11. (In Sarge Wireshark used to be called Ethereal). For the stable distribution (etch), these problems have been fixed in version 0.99.4-5.etch.2. For the unstable distribution (sid), these problems have been fixed in version 0.99.7-1. We recommend that you upgrade your wireshark packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1446 CVE-2007-6450 CVE-2007-6451 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | wireshark |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9488 | |||
Oval ID: | oval:org.mitre.oval:def:9488 | ||
Title: | The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | ||
Description: | The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6120 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9685 | |||
Oval ID: | oval:org.mitre.oval:def:9685 | ||
Title: | Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. | ||
Description: | Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6451 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9726 | |||
Oval ID: | oval:org.mitre.oval:def:9726 | ||
Title: | Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. | ||
Description: | Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6115 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9841 | |||
Oval ID: | oval:org.mitre.oval:def:9841 | ||
Title: | Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. | ||
Description: | Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6113 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9964 | |||
Oval ID: | oval:org.mitre.oval:def:9964 | ||
Title: | Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. | ||
Description: | Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3389 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for ethereal File : nvt/sles9p5009131.nasl |
2009-04-09 | Name : Mandriva Update for wireshark MDVSA-2008:1 (wireshark) File : nvt/gb_mandriva_MDVSA_2008_1.nasl |
2009-04-09 | Name : Mandriva Update for wireshark MDVSA-2008:001-1 (wireshark) File : nvt/gb_mandriva_MDVSA_2008_001_1.nasl |
2009-04-09 | Name : Mandriva Update for wireshark MDKSA-2007:145 (wireshark) File : nvt/gb_mandriva_MDKSA_2007_145.nasl |
2009-03-06 | Name : RedHat Update for wireshark RHSA-2008:0058-01 File : nvt/gb_RHSA-2008_0058-01_wireshark.nasl |
2009-03-06 | Name : RedHat Update for wireshark RHSA-2008:0059-01 File : nvt/gb_RHSA-2008_0059-01_wireshark.nasl |
2009-02-27 | Name : CentOS Update for libsmi CESA-2008:0058 centos4 x86_64 File : nvt/gb_CESA-2008_0058_libsmi_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for libsmi CESA-2008:0059 centos3 i386 File : nvt/gb_CESA-2008_0059_libsmi_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for libsmi CESA-2008:0059 centos3 x86_64 File : nvt/gb_CESA-2008_0059_libsmi_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for libsmi CESA-2008:0058 centos4 i386 File : nvt/gb_CESA-2008_0058_libsmi_centos4_i386.nasl |
2009-02-27 | Name : Fedora Update for wireshark FEDORA-2007-4590 File : nvt/gb_fedora_2007_4590_wireshark_fc8.nasl |
2009-02-27 | Name : Fedora Update for wireshark FEDORA-2007-4690 File : nvt/gb_fedora_2007_4690_wireshark_fc7.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-12 (wireshark) File : nvt/glsa_200708_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200712-23 (wireshark) File : nvt/glsa_200712_23.nasl |
2008-09-04 | Name : wireshark -- multiple vulnerabilities File : nvt/freebsd_wireshark0.nasl |
2008-09-04 | Name : wireshark -- Multiple problems File : nvt/freebsd_wireshark.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1322-1 (wireshark) File : nvt/deb_1322_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1446-1 (wireshark) File : nvt/deb_1446_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1414-1 (wireshark) File : nvt/deb_1414_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40468 | Wireshark iSeries (OS/400) Communication Trace File Parser Unspecified Remote... |
40467 | Wireshark SSL Dissector Unspecified Remote Overflow |
40459 | Wireshark RPL Dissector Unspecified Remote Infinite Loop DoS |
40458 | Wireshark CIP Dissector Unspecified Remote Memory Consumption DoS |
40456 | Wireshark DNP3 Dissector Malformed Packet Handling Remote Infinite Loop DoS |
40455 | Wireshark ANSI MAP Dissector Unspecified Remote Overflow |
40453 | Wireshark HTTP Dissector Chunked Message Handling Unspecified Remote Issue |
40452 | Wireshark MEGACO Dissector Unspecified Remote DoS |
40451 | Wireshark Malformed RPC Portmap Packet Handling Remote DoS |
40450 | Wireshark Bluetooth SDP Dissector Unspecified Infinite Loop Remote DoS |
37643 | Wireshark HTTP Response Crafted Chunked Encoding Remote DoS Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP response is received, and will result in loss of availability for the application. |
37642 | Wireshark Crafted iSeries Capture File Handling Remote DoS Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered by multiple specially crafted iSeries capture files, and will result in loss of availability for the application. |
37641 | Wireshark Malformed DCP ETSI Packet Remote Memory Consumption DoS Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when the application receives a specially crafted DCP ETSI packet, and will result in loss of availability for the host. |
37640 | Wireshark Malformed SSL / MMS Packet Handling DoS Wireshark contains a flaw in the way it handles SSL and MMS packets that may allow a remote denial of service. The issue is triggered by a specially crafted packet, and will result in loss of availability for the application. |
37639 | Wireshark DHCP/BOOTP Dissector Crafted DHCP-over-DOCSIS Packet Remote DoS The Wireshark DHCP/BOOTP dissector contains an off-by-one flaw that may allow a remote denial of service. The issue is triggered when multiple DHCP-over-DOCSIS packets are received, and will result in loss of availability for the application. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0059.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0058.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0709.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080121_wireshark_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071115_wireshark_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071107_wireshark_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0058.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11574.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-001.nasl - Type : ACT_GATHER_INFO |
2008-01-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0059.nasl - Type : ACT_GATHER_INFO |
2008-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0058.nasl - Type : ACT_GATHER_INFO |
2008-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0059.nasl - Type : ACT_GATHER_INFO |
2008-01-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1446.nasl - Type : ACT_GATHER_INFO |
2007-12-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200712-23.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8a835235ae8411dca5f9001a4d49522b.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4690.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4590.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ethereal-3888.nasl - Type : ACT_GATHER_INFO |
2007-11-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1414.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0709.nasl - Type : ACT_GATHER_INFO |
2007-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0710.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_wireshark-3886.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ethereal-3885.nasl - Type : ACT_GATHER_INFO |
2007-08-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-12.nasl - Type : ACT_GATHER_INFO |
2007-07-11 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-145.nasl - Type : ACT_GATHER_INFO |
2007-07-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7fadc0492ba011dc93770016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2007-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1322.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:23 |
|