Summary
This host is installed with Wireshark and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code in the context of the application, to crash the affected application, or to consume excessive CPU resources.
Impact Level: System/Application
Solution
Upgrade to the Wireshark version 1.8.3 or later,
For updates refer to http://www.wireshark.org/download
Insight
Errors in the HSRP, PPP and LDP dissectors when processing certain packets can be exploited to cause an infinite loop and consume CPU resources or a buffer overflow.
Affected
Wireshark versions 1.8.x prior to 1.8.3 on Mac OS X
References
- http://secunia.com/advisories/50843/
- http://www.osvdb.org/85884
- http://www.wireshark.org/security/wnpa-sec-2012-26.html
- http://www.wireshark.org/security/wnpa-sec-2012-27.html
- http://www.wireshark.org/security/wnpa-sec-2012-29.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7581
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-5237, CVE-2012-5238, CVE-2012-5240 -
CVSS Base Score: 5.8
AV:A/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X)
- Apple Safari 'background' Remote Denial Of Service Vulnerability
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
- Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Windows)
- Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)