Wireshark Multiple Denial Of Service Vulnerabilities - July 12 (Mac OS X) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation will allow remote attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to the Wireshark version 1.4.13, 1.6.8 or later, For updates refer to http://www.wireshark.org/download

Insight

- Errors in the ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors can be exploited to cause infinite loops via specially crafted packets. - An error in the DIAMETER dissector does not properly allocate memory and can be exploited to cause a crash via a specially crafted packet.

Affected

Wireshark versions 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on Mac OS X

References

http://secunia.com/advisories/49226/
http://www.wireshark.org/security/wnpa-sec-2012-08.html
http://www.wireshark.org/security/wnpa-sec-2012-09.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7138

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2392, CVE-2012-2393, CVE-2012-3825, CVE-2012-3826
CVSS Base Score: 3.3
AV:A/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

PHP pdo_sql_parser.re 'PDO' extension DoS vulnerability (Windows)
Wireshark IEEE 802.11 Dissector Denial of Service Vulnerability (Mac OS X)
smallftpd 1.0.3
Sun VirtualBox or xVM VirtualBox Denial Of Service Vulnerability (Linux)
Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Windows)

Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Mac OS X)

Take action and discover your vulnerabilities