Summary
This host is installed with Wireshark
and is prone to multiple denial-of-service vulnerabilities.
Impact
Successful exploitation will allow
attackers to conduct multiple denial-of-service attacks.
Impact Level: Application
Solution
Upgrade to Wireshark version 1.10.12,
1.12.3 or later, For updates refer to https://www.wireshark.org
Insight
Multiple flaws are due to,
- An error within the SMTP dissector.
- An error within the DEC DNA Routing Protocol dissector.
- An error within the LPP dissector.
- Two errors within the WCCP dissector.
- An error when decypting TLS/SSL sessions.
Affected
Wireshark 1.10.x before 1.10.12 and
1.12.x before 1.12.3 on Windows
Detection
Get the installed version with the
help of detect NVT and check the version is vulnerable or not.
References
- http://osvdb.org/116808
- http://secunia.com/advisories/62020
- https://www.wireshark.org/security/wnpa-sec-2015-01.html
- https://www.wireshark.org/security/wnpa-sec-2015-02.html
- https://www.wireshark.org/security/wnpa-sec-2015-03.html
- https://www.wireshark.org/security/wnpa-sec-2015-04.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2015-0559, CVE-2015-0560, CVE-2015-0561, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- EtherApe RPC Packet Processing Denial of Service Vulnerability
- Active Perl Denial of Service Vulnerability Feb 2014 (Windows)
- ejabberd 'client2server' Message Remote Denial of Service Vulnerability
- Apple Safari Denial of Service Vulnerability (Win) - Apr09
- Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability