Wireshark DOS Vulnerability-02 Sep14 (Mac OS X) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attacker to cause denial of service attack. Impact Level: Application

Solution

Upgrade to Wireshark version 1.12.1 or later, For updates refer to https://www.wireshark.org

Insight

Flaws are due to, - Error in the get_quoted_string and get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector. - The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector does not properly handle a NULL tree.

Affected

Wireshark version 1.12.x before 1.12.1 on Mac OS X

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://www.osvdb.com/111601
http://www.osvdb.com/111602
https://www.wireshark.org/security/wnpa-sec-2014-15.html
https://www.wireshark.org/security/wnpa-sec-2014-16.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6425, CVE-2014-6426
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

F-PROT AV 'ELF' Header Denial of Service Vulnerability
ejabberd XML Parsing Denial of Service Vulnerability (Windows)
eZ/eZphotoshare Denial of Service
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Windows)
ClamAV Prior to 0.96.5 Multiple Vulnerabilities

Take action and discover your vulnerabilities