dissectors
===========
Multiple vulnerabilities have been discovered in Wireshark:
* David Maciejak discovered a vulnerability in packet-usb.c in the
USB dissector via a malformed USB Request Block (URB)
(CVE-2008-4680).
* Florent Drouin and David Maciejak reported an unspecified
vulnerability in the Bluetooth RFCOMM dissector (CVE-2008-4681).
* Ryan Giobbi reported an integer overflow in wiretap/erf.c
(CVE-2009-3829).
* The vendor reported multiple unspecified vulnerabilities in the
Bluetooth L2CAP, RADIUS, and MIOP dissectors (CVE-2009-2560), in the
OpcUa dissector (CVE-2009-3241), in packet.c in the GSM A RR
dissector (CVE-2009-3242), in the TLS dissector (CVE-2009-3243), in
the Paltalk dissector (CVE-2009-3549), in the DCERPC/NT dissector
(CVE-2009-3550), and in the dissect_negprot_response() function in
packet-smb.c in the SMB dissector (CVE-2009-3551).
Wireshark 1.4.0, tested with Windows XP SP2. Previous versions may also be affected due to code reuse.
------------------------------------------------------------------
V. Solution
Since the ASN.1/BER dissector is used by several protocol dissectors, it may be inadequate to disable SNMP protocol dissection only. There is no known workaround at this time.
------------------------------------------------------------------
VI. Credit
The penetration test team of NCNIPC (China) is credited for this vulnerability.
analyzer Wireshark. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2008-3137
The GSM SMS dissector is vulnerable to denial of service.
CVE-2008-3138
The PANA and KISMET dissectors are vulnerable to denial of service.
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2007-6114
Stefan Esser discovered a buffer overflow in the SSL dissector.
"Fabiodds" discovered a buffer overflow in the iSeries trace
dissector.
CVE-2007-6117
Description
===========
Multiple vulnerabilities were discovered in Wireshark:
* A buffer overflow in the IPMI dissector related to an array index
error (CVE-2009-2559).
* Multiple unspecified vulnerabilities in the Bluetooth L2CAP,
RADIUS, and MIOP dissectors (CVE-2009-2560).
Description
===========
Multiple vulnerabilities related to memory management were discovered
in the GSM SMS dissector (CVE-2008-3137), the PANA and KISMET
dissectors (CVE-2008-3138), the RTMPT dissector (CVE-2008-3139), the
syslog dissector (CVE-2008-3140) and the RMI dissector (CVE-2008-3141)
and when reassembling fragmented packets (CVE-2008-3145).
Impact
Problem Description:
This advisory updates wireshark to the latest version(s), fixing
several security issues:
* The SMB dissector could dereference a NULL pointer. (Bug 4734)
* J. Oquendo discovered that the ASN.1 BER dissector could overrun
the stack.
* The SMB PIPE dissector could dereference a NULL pointer on some
platforms.
* The SigComp Universal Decompressor Virtual Machine could go into
Problem Description:
This advisory updates Wireshark to the version 1.0.11, which fixes
the following vulnerabilities:
The SMB and SMB2 dissectors could crash (CVE-2009-4377).
The Infiniband dissector could crash on some platforms (CVE-2009-2563).
Several buffer overflows were discovered and fixed in the LWRES
dissector.
_______________________________________________________________________
Problem Description:
Two vulnerabilities were discovered in Wireshark. The first is a
vulnerability in the SMTP dissector that could cause it to consume
excessive CPU and memory via a long SMTP request (CVE-2008-5285).
The second is an issue with the WLCCP dissector that could cause it
to go into an infinite loop.
project identifies the following problems:
CVE-2009-1210
A format string vulnerability was discovered in the PROFINET
dissector.
CVE-2009-1268
The dissector for the Check Point High-Availability Protocol
could be forced to crash.
Problem Description:
This advisory updates wireshark to the latest version(s), fixing
several security issues:
Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through
1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack
vectors (CVE-2010-2284).
Buffer overflow in the SigComp Universal Decompressor Virtual Machine
dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8
code or denial of service. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-4337
A NULL pointer dereference was found in the SMB/SMB2 dissectors.
CVE-2010-0304
Several buffer overflows were found in the LWRES dissector.
code or denial of service. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-2560
A NULL pointer dereference was found in the RADIUS dissector.
CVE-2009-3550
A NULL pointer dereference was found in the DCERPC/NT dissector.
Description
===========
Multiple unspecified errors exist in the SCTP, SNMP, and TFTP
dissectors.
Impact
======
A remote attacker could cause a Denial of Service by sending a
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2007-6450
The RPL dissector could be tricked into an infinite loop.
CVE-2007-6451
The CIP dissector could be tricked into excessive memory
allocation.
Description
===========
The following vulnerabilities were reported:
* Multiple buffer overflows in the NCP dissector (CVE-2008-3146).
* Infinite loop in the NCP dissector (CVE-2008-3932).
* Invalid read in the tvb_uncompress() function when processing zlib
compressed data (CVE-2008-3933).
A vulnerability in Wireshark's DNP3 dissector allows attackers to cause it
to enter an infinite loop which in turn can be used to mask other types of
attacks from being captured by Wireshark.
DETAILS
Vulnerable Systems:
* Wireshark version 0.99.5 and prior
Immune Systems:
_______________________________________________________________________
Problem Description:
Vulnerabilities have been discovered and corrected in wireshark,
affecting the DCERPC/NT dissector, which allows remote attackers to cause
a denial of service (NULL pointer dereference and application crash)
via a file that records a malformed packet trace (CVE-2009-3550); and
in wiretap/erf.c which allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a crafted
erf file (CVE-2009-3829).
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-2994 CVE-2010-2995
Several implementation errors in the dissector of the Wireshark network
traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal
Decompressor Virtual Machine may lead to the execution of arbitrary code.
For the stable distribution (lenny), these problems have been fixed in
version 1.0.2-3+lenny10.
Problem Description:
This advisory updates wireshark to the latest version(s), fixing
several bugs and one security issue:
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0
through 1.2.7 allows user-assisted remote attackers to cause a denial
of service (application crash) via a malformed packet trace file
(CVE-2010-1455).
_______________________________________________________________________
Problem Description:
Vulnerabilities have been discovered in the wireshark package, which could
lead to an application crash via the RADIUS, Infiniband and AFS dissectors
(CVE-2009-2560, CVE-2009-2562, CVE-2009-2563).
This update provides a fix for those vulnerabilities.
_______________________________________________________________________
Problem Description:
This advisory updates wireshark to the latest 1.2.5 version, fixing
several bugs and two security issues:
- The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through
1.2.4 allow remote attackers to cause a denial of service (crash)
via a crafted packet (CVE-2009-4377)
- Buffer overflow in the daintree_sna_read function in the Daintree SNA
file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
remote attackers to obtain system information and possibly bypass
firewall rules.
CVE-2007-6114 11/23/2007 Multiple buffer overflows in Wireshark
(formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code
via (1) the SSL dissector or (2) the iSeries (OS/400) Communication
trace file parser.
CVE-2008-0694 02/11/2008 Cross-site scripting (XSS) vulnerability in the
HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to
inject arbitrary web script or HTML via the Expect HTTP header.
Problem Description:
A vulnerability has been found and corrected in wireshark:
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark
0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers
to cause a denial of service (memory and CPU consumption) via malformed
OPCUA Service CallRequest packets (CVE-2009-3241).
This update fixes this vulnerability.
Description
===========
Multiple buffer overflows and infinite loops were discovered in
multiple dissector and parser components, including those for MP3 and
NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and
iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP
(CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP
(CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119),
Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB
Problem Description:
A vulnerability has been identified and corrected in wireshark:
o Unspecified vulnerability in the PCNFSD dissector in Wireshark
0.8.20 through 1.0.7 allows remote attackers to cause a denial of
service (crash) via crafted PCNFSD packets (CVE-2009-1829).
This update provides Wireshark 1.0.8, which is not vulnerable to
this issue.
Windows XP Svchost. The Svchost internals have not been disseminated
into informative elements yet. I have found only one or two analyses
but that won't satisfy my views regarding XP Svchost. The anatomy of
Svchost has got complexity in its own term. This pushes me to write
a specific analysis over it. The analysis provides a structural design
with concept wise dissection. The point is to understand the hidden
artifacts and how it affects the working aspect of prime service host
controller. Every process is disseminated into primary process and
secondary process. In terms related to operating system there is a parent
process and its child. If one looks at the implementation scenario then
child processes are undertaken as thread internally. The kernel level
Vulnerability : integer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-3798
It was discovered that an integer overflow in the BGP dissector of tcpdump,
a powerful tool for network monitoring and data acquisition, may lead to
the execution of arbitrary code.
For the oldstable distribution (sarge) this problem has been fixed in
version 3.8.3-5sarge3.