VuXML ID | Description |
baece347-c489-11dd-a721-0030843d3802 | wireshark -- SMTP Processing Denial of Service Vulnerability
Secunia reports:
A vulnerability has been reported in Wireshark, which can be
exploited by malicious people to cause a DoS.
The vulnerability is caused due to an error in the SMTP dissector
and can be exploited to trigger the execution of an infinite loop via
a large SMTP packet.
Discovery 2008-11-24 Entry 2008-12-07 wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
< 1.0.4_1
CVE-2008-5285
http://secunia.com/advisories/32840/
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html
|
defce068-39aa-11de-a493-001b77d09812 | wireshark -- multiple vulnerabilities
Wireshark team reports:
Wireshark 1.0.7 fixes the following vulnerabilities:
- The PROFINET dissector was vulnerable to a format
string overflow. (Bug 3382) Versions affected: 0.99.6 to
1.0.6, CVE-2009-1210.
- The Check Point High-Availability Protocol (CPHAP)
dissector could crash. (Bug 3269) Versions affected: 0.9.6
to 1.0.6; CVE-2009-1268.
- Wireshark could crash while loading a Tektronix .rf5
file. (Bug 3366) Versions affected: 0.99.6 to 1.0.6,
CVE-2009-1269.
Discovery 2009-04-06 Entry 2009-05-09 Modified 2009-05-13 ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
< 1.0.7
34291
34457
CVE-2009-1210
CVE-2009-1268
CVE-2009-1269
http://www.wireshark.org/security/wnpa-sec-2009-02.html
http://secunia.com/advisories/34542
|
a2d4a330-4d54-11de-8811-0030843d3802 | wireshark -- PCNFSD Dissector Denial of Service Vulnerability
Secunia reports:
A vulnerability has been reported in Wireshark, which can be
exploited by malicious people to cause a DoS.
The vulnerability is caused due to an error in the PCNFSD dissector
and can be exploited to cause a crash via a specially crafted PCNFSD
packet.
Discovery 2009-05-21 Entry 2009-05-30 Modified 2010-05-02 ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
< 1.0.8
CVE-2009-1829
http://secunia.com/advisories/35201/
http://www.wireshark.org/security/wnpa-sec-2009-03.html
|
21c223f2-d596-11da-8098-00123ffe8333 | ethereal -- Multiple Protocol Dissector Vulnerabilities
Secunia reports:
Multiple vulnerabilities have been reported in Ethereal, which
can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.
The vulnerabilities are caused due to various types of errors
including boundary errors, an off-by-one error, an infinite loop
error, and several unspecified errors in a multitude of protocol
dissectors.
Successful exploitation causes Ethereal to stop responding,
consume a large amount of system resources, crash, or execute
arbitrary code.
Discovery 2006-04-25 Entry 2006-04-27 ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.8.5 lt 0.99.0
CVE-2006-1932
CVE-2006-1933
CVE-2006-1934
CVE-2006-1935
CVE-2006-1936
CVE-2006-1937
CVE-2006-1938
CVE-2006-1939
CVE-2006-1940
http://www.ethereal.com/appnotes/enpa-sa-00023.html
http://secunia.com/advisories/19769/
|
7fadc049-2ba0-11dc-9377-0016179b2dd5 | wireshark -- Multiple problems
Wireshark team reports:
It may be possible to make Wireshark or Ethereal crash or use up
available memory by injecting a purposefully malformed packet onto
the wire or by convincing someone to read a malformed packet trace
file.
Discovery 2007-06-29 Entry 2007-07-06 Modified 2010-05-12 wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.8.20 lt 0.99.6
CVE-2007-3389
CVE-2007-3390
CVE-2007-3391
CVE-2007-3392
CVE-2007-3393
http://secunia.com/advisories/25833/
http://www.wireshark.org/security/wnpa-sec-2007-02.html
|
f6f19735-9245-4918-8a60-87948ebb4907 | wireshark -- multiple vulnerabilities
Vendor reports:
On non-Windows systems Wireshark could crash if the HOME
environment variable contained sprintf-style string formatting
characters. Wireshark could crash while reading a malformed
NetScreen snoop file. Wireshark could crash while reading a
Tektronix K12 text capture file.
Discovery 2009-02-06 Entry 2009-03-22 Modified 2010-05-02 ethereal
ethereal-lite
tethereal
tethereal-lite
wireshark
wireshark-lite
< 1.0.6
CVE-2009-0599
CVE-2009-0600
CVE-2009-0601
http://www.wireshark.org/security/wnpa-sec-2009-01.html
|
5d51d245-00ca-11da-bc08-0001020eed82 | ethereal -- multiple protocol dissectors vulnerabilities
An Ethereal Security Advisory reports:
Our testing program has turned up several more security
issues:
- The LDAP dissector could free static memory and crash.
- The AgentX dissector could crash.
- The 802.3 dissector could go into an infinite loop.
- The PER dissector could abort.
- The DHCP dissector could go into an infinite loop.
- The BER dissector could abort or loop infinitely.
- The MEGACO dissector could go into an infinite loop.
- The GIOP dissector could dereference a null pointer.
- The SMB dissector was susceptible to a buffer overflow.
- The WBXML could dereference a null pointer.
- The H1 dissector could go into an infinite loop.
- The DOCSIS dissector could cause a crash.
- The SMPP dissector could go into an infinite loop.
- SCTP graphs could crash.
- The HTTP dissector could crash.
- The SMB dissector could go into a large loop.
- The DCERPC dissector could crash.
- Several dissectors could crash while reassembling packets.
Steve Grubb at Red Hat found the following issues:
- The CAMEL dissector could dereference a null pointer.
- The DHCP dissector could crash.
- The CAMEL dissector could crash.
- The PER dissector could crash.
- The RADIUS dissector could crash.
- The Telnet dissector could crash.
- The IS-IS LSP dissector could crash.
- The NCP dissector could crash.
iDEFENSE found the following issues:
- Several dissectors were susceptible to a format string
overflow.
Impact:
It may be possible to make Ethereal crash, use up
available memory, or run arbitrary code by injecting a
purposefully malformed packet onto the wire or by
convincing someone to read a malformed packet trace
file.
Discovery 2005-07-26 Entry 2005-07-30 ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.8.5 lt 0.10.12
http://www.ethereal.com/appnotes/enpa-sa-00020.html
|
8a835235-ae84-11dc-a5f9-001a4d49522b | wireshark -- multiple vulnerabilities
The Wireshark team reports multiple vulnerabilities:
- Wireshark could crash when reading an MP3 file.
- Beyond Security discovered that Wireshark could loop
excessively while reading a malformed DNP packet.
- Stefan Esser discovered a buffer overflow in the SSL
dissector.
- The ANSI MAP dissector could be susceptible to a
buffer overflow on some platforms.
- The Firebird/Interbase dissector could go into an
infinite loop or crash.
- The NCP dissector could cause a crash.
- The HTTP dissector could crash on some systems while
decoding chunked messages.
- The MEGACO dissector could enter a large loop and
consume system resources.
- The DCP ETSI dissector could enter a large loop and
consume system resources.
- Fabiodds discovered a buffer overflow in the iSeries
(OS/400) Communication trace file parser.
- The PPP dissector could overflow a buffer.
- The Bluetooth SDP dissector could go into an infinite
loop.
- A malformed RPC Portmap packet could cause a
crash.
- The IPv6 dissector could loop excessively.
- The USB dissector could loop excessively or crash.
- The SMB dissector could crash.
- The RPL dissector could go into an infinite loop.
- The WiMAX dissector could crash due to unaligned
access on some platforms.
- The CIP dissector could attempt to allocate a huge
amount of memory and crash.
Impact
It may be possible to make Wireshark or Ethereal crash or
use up available memory by injecting a purposefully
malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.
Discovery 2007-12-19 Entry 2007-12-19 Modified 2007-12-22 wireshark
wireshark-lite
ethereal
ethereal-lite
tethereal
tethereal-lite
ge 0.8.16 lt 0.99.7
CVE-2007-6112
CVE-2007-6113
CVE-2007-6114
CVE-2007-6115
CVE-2007-6117
CVE-2007-6118
CVE-2007-6120
CVE-2007-6121
CVE-2007-6438
CVE-2007-6439
CVE-2007-6441
CVE-2007-6450
CVE-2007-6451
http://www.wireshark.org/security/wnpa-sec-2007-03.html
|