Summary
This host is installed with Wireshark and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to crash affected application or to consume excessive CPU resources.
Impact Level: Application
Solution
Upgrade to the Wireshark version 1.6.13, 1.8.5 or later, For updates refer to http://www.wireshark.org/download
Insight
The flaws are due to
- Errors in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors can be exploited to trigger infinite loops and consume CPU resources via specially crafted packets.
- An error in the CLNP, DTN, MS-MMC, DTLS , DCP-ETSI, NTLMSSP and ROHC dissector when processing certain packets can be exploited to cause a crash via a specially crafted packet.
- An error in the dissection engine when processing certain packets can be exploited to cause a crash via a specially crafted packet.
Affected
Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 on Mac OS X
References
- http://secunia.com/advisories/51968
- http://www.wireshark.org/security/wnpa-sec-2013-01.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8037
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8038
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8040
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8041
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8042
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8043
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8198
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8222
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 2.9
AV:A/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities