Wireshark IPMI Dissector Denial Of Service Vulnerability (Win) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to IPMI Dissector Denial of Service vulnerability.

Impact

Successful exploitation will allow attackers to cause Denial of Serivce condition by tricking the user into reading a malformed packet trace file. Impact Level: System/Application

Solution

Upgrade to Wireshark version 1.2.5, http://www.wireshark.org/download.html

Insight

This flaw is due to an error in the IPMI dissector while formatting date/time using strftime.

Affected

Wireshark version 1.2.0 to 1.2.4 on Windows.

References

http://secunia.com/advisories/37842
http://www.vupen.com/english/advisories/2009/3596
http://www.wireshark.org/security/wnpa-sec-2009-09.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4319

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4378
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ClamAV 'parseicon()' Denial Of Service Vulnerability
Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux
eZ/eZphotoshare Denial of Service
Active Perl Denial of Service Vulnerability Feb 2014 (Windows)
Cogent DataHub Integer Overflow Vulnerability

Wireshark IPMI Dissector Denial of Service Vulnerability (Win)

Take action and discover your vulnerabilities