Wireshark Denial Of Service And Code Execution Vulnerabilities-01 Mar14 (Windows) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to denial of service and remote code execution vulnerabilities.

Impact

Successful exploitation will allow attackers to cause a DoS (Denial of Service) and compromise a vulnerable system. Impact Level: System/Application

Solution

Upgrade to Wireshark version 1.8.13 or 1.10.6 or later, For updates refer to http://www.wireshark.org/download

Insight

Flaw is due to an error within the NFS dissector (epan/dissectors/packet-nfs.c), RLC dissector (epan/dissectors/packet-rlc) and MPEG parser (wiretap/mpeg.c).

Affected

Wireshark version 1.8.x before 1.8.13 and 1.10.x before 1.10.6 on Windows

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/57265
http://www.osvdb.com/104196
http://www.osvdb.com/104198
http://www.osvdb.com/104199
https://www.wireshark.org/security/wnpa-sec-2014-01.html
https://www.wireshark.org/security/wnpa-sec-2014-03.html
https://www.wireshark.org/security/wnpa-sec-2014-04.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-2281, CVE-2014-2283, CVE-2014-2299
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Sep13 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)
Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)

Wireshark Denial of Service and Code Execution Vulnerabilities-01 Mar14 (Windows)

Take action and discover your vulnerabilities