Denial of Service : Wireshark Multiple Denial of Service Vulnerabilities-01 (Aug 2014)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.804800

Kategorie: Denial of Service

Titel: Wireshark Multiple Denial of Service Vulnerabilities-01 (Aug 2014) - Windows

Zusammenfassung: Wireshark is prone to multiple denial of service vulnerabilities.

Beschreibung: Summary:
Wireshark is prone to multiple denial of service vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An error in 'dissect_log' function in plugins/irda/packet-irda.c within the
ASN.1 BER dissector.

- An error in 'read_new_line' function in wiretap/catapult_dct2000.c within the
Catapult DCT2000 dissector.

- An error in 'APN decode' functionality in epan/dissectors/packet-gtp.c and
epan/dissectors/packet-gsm_a_gm.c within the GTP and GSM Management dissectors.

- An error in 'rlc_decode_li' function in epan/dissectors/packet-rlc.c within
the RLC dissector.

- An error in 'dissect_ber_constrained_bitstring' function in
epan/dissectors/packet-ber.c within the ASN.1 BER dissector.

Vulnerability Impact:
Successful exploitation will allow attackers to conduct a DoS (Denial of
Service).

Affected Software/OS:
Wireshark version 1.10.x before 1.10.9 on Windows

Solution:
Upgrade to Wireshark version 1.10.9 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-5161
Debian Security Information: DSA-3002 (Google Search)
http://www.debian.org/security/2014/dsa-3002
http://secunia.com/advisories/57593
SuSE Security Announcement: SUSE-SU-2014:1221 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html
SuSE Security Announcement: openSUSE-SU-2014:1038 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2014:1249 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-5162
Common Vulnerability Exposure (CVE) ID: CVE-2014-5163
Common Vulnerability Exposure (CVE) ID: CVE-2014-5164
Common Vulnerability Exposure (CVE) ID: CVE-2014-5165

Copyright Copyright (C) 2014 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.804800
Kategorie:	Denial of Service
Titel:	Wireshark Multiple Denial of Service Vulnerabilities-01 (Aug 2014) - Windows
Zusammenfassung:	Wireshark is prone to multiple denial of service vulnerabilities.
Beschreibung:	Summary: Wireshark is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An error in 'dissect_log' function in plugins/irda/packet-irda.c within the ASN.1 BER dissector. - An error in 'read_new_line' function in wiretap/catapult_dct2000.c within the Catapult DCT2000 dissector. - An error in 'APN decode' functionality in epan/dissectors/packet-gtp.c and epan/dissectors/packet-gsm_a_gm.c within the GTP and GSM Management dissectors. - An error in 'rlc_decode_li' function in epan/dissectors/packet-rlc.c within the RLC dissector. - An error in 'dissect_ber_constrained_bitstring' function in epan/dissectors/packet-ber.c within the ASN.1 BER dissector. Vulnerability Impact: Successful exploitation will allow attackers to conduct a DoS (Denial of Service). Affected Software/OS: Wireshark version 1.10.x before 1.10.9 on Windows Solution: Upgrade to Wireshark version 1.10.9 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5161 Debian Security Information: DSA-3002 (Google Search) http://www.debian.org/security/2014/dsa-3002 http://secunia.com/advisories/57593 SuSE Security Announcement: SUSE-SU-2014:1221 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html SuSE Security Announcement: openSUSE-SU-2014:1038 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00025.html SuSE Security Announcement: openSUSE-SU-2014:1249 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html Common Vulnerability Exposure (CVE) ID: CVE-2014-5162 Common Vulnerability Exposure (CVE) ID: CVE-2014-5163 Common Vulnerability Exposure (CVE) ID: CVE-2014-5164 Common Vulnerability Exposure (CVE) ID: CVE-2014-5165
Copyright	Copyright (C) 2014 Greenbone AG