Summary
This host is installed with Wireshark and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a denial of service or to consume excessive CPU resources.
Impact Level: Application
Solution
Upgrade to Wireshark version 1.4.15, 1.6.10 or 1.8.2 or later. For updates refer to http://www.wireshark.org/download
Insight
The flaws are due to:
- A division-by-zero error within the DCP ETSI dissector and errors within the STUN dissector and EtherCAT Mailbox dissector can be exploited to cause a crash.
- An error within the RTPS2 dissector can be exploited to cause a buffer overflow.
- An error within the STUN dissector can be exploited to cause a crash.
- An error within the CIP dissector can be exploited to exhaust memory.
- Errors within the CTDB dissector, AFP dissector and XTP dissector can be exploited to trigger an infinite loop and consume excessive CPU resources.
Affected
Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10 and 1.8.x before 1.8.2 on Mac OS X
References
- http://secunia.com/advisories/50276/
- http://securitytracker.com/id/1027404
- http://www.wireshark.org/security/wnpa-sec-2012-13.html
- http://www.wireshark.org/security/wnpa-sec-2012-15.html
- http://www.wireshark.org/security/wnpa-sec-2012-17.html
- http://www.wireshark.org/security/wnpa-sec-2012-20.html
- http://www.wireshark.org/security/wnpa-sec-2012-23.html
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4296
- CVSS Base Score: 3.3
- CVSS Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P