Summary
The host is installed with Wireshark and is prone to denial of service vulnerability.
Impact
Successful exploitation could allow attackers to cause a denial of service via via a malformed packet.
Impact Level: Application
Solution
Upgrade to the Wireshark version 1.6.3 or later,
For updates refer to http://www.wireshark.org/download.html
Insight
The flaw is due to an error in csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector, which fails to initialize a certain variable.
Affected
Wireshark version 1.6.x before 1.6.3
References
- http://anonsvn.wireshark.org/viewvc?view=revision&revision=39140
- http://openwall.com/lists/oss-security/2011/11/01/9
- http://www.wireshark.org/security/wnpa-sec-2011-17.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
- https://bugzilla.redhat.com/show_bug.cgi?id=750643
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-4100 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Firefox XUL Parsing Denial of Service Vulnerability (Linux)
- Asterisk T.38 Negotiation Remote Denial Of Service Vulnerability
- Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
- Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)
- DNS Amplification Attacks