Summary
This host is installed with Wireshark and is prone to denial of service vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a denial of service.
Impact Level: Application
Solution
Upgrade to the Wireshark version 1.4.14, 1.6.9, 1.8.1 or later, For updates refer to http://www.wireshark.org/download
Insight
Erros within the PPP and 'epan/dissectors/packet-nfs.c' in the NFS dissector can be exploited to cause a crash via specially crafted packets.
Affected
Wireshark versions 1.4.x before 1.4.14,
1.6.x before 1.6.9 and 1.8.x before 1.8.1 on Mac OS X
References
- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=43576&r2=43575&pathrev=43576
- http://secunia.com/advisories/49971
- http://www.securitytracker.com/id/1027293
- http://www.wireshark.org/security/wnpa-sec-2012-11.html
- http://www.wireshark.org/security/wnpa-sec-2012-12.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7436
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-4048, CVE-2012-4049 -
CVSS Base Score: 3.3
AV:A/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Wireshark IKE Packet Denial of Service Vulnerability (Win)
- ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
- Sun VirtualBox or xVM VirtualBox Denial Of Service Vulnerability (Linux)
- Oracle VM VirtualBox Local Denial of Service Vulnerability-01 Oct2013 (Linux)
- Kingsoft Antivirus 'KisKrnl.sys' Driver Denial of Service Vulnerability