Summary
This host is installed with Wireshark and is prone to stack consumption vulnerability.
Impact
Successful exploitation will allow attackers to crash the application.
Impact Level: Application
Solution
Upgrade to Wireshark 1.4.1 or 1.2.12 or later.
For updates refer to http://www.wireshark.org/download
Insight
The flaw is due to stack consumption error in the
'dissect_ber_unknown()' function in 'epan/dissectors/packet-ber.c' in the BER dissector, whcih allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown 'ASN.1/BER' encoded packet.
Affected
Wireshark version 1.4.x before 1.4.1 and 1.2.x before 1.2.12
References
Severity
Classification
-
CVE CVE-2010-3445 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Linux)
- Foxit Reader Multiple Buffer Overflow Vulnerabilities
- ScriptFTP 'GETLIST' or 'GETFILE' Commands Remote Buffer Overflow Vulnerability
- KMPlayer '.mp3' File Remote Buffer Overflow Vulnerability
- Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability