Denial of Service : Wireshark Multiple Denial of Service Vulnerabilities-04 (Aug 2016)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.809102

Categoría: Denial of Service

Título: Wireshark Multiple Denial of Service Vulnerabilities-04 (Aug 2016) - Windows

Resumen: Wireshark is prone to multiple denial of service vulnerabilities.

Descripción: Summary:
Wireshark is prone to multiple denial of service vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- The 'epan/dissectors/packet-dcerpc-spoolss.c' script omits in the SPOOLS
component mishandles unexpected offsets.

- The 'epan/crypt/airpdcap.c' in the IEEE 802.11 dissector mishandles the
lack of an EAPOL_RSN_KEY.

- The 'epan/dissectors/packet-umts_fp.c' in the UMTS FP dissector mishandles
the reserved C/T value.

- The 'USB subsystem' mishandles class types.

- The 'wiretap/toshiba.c' in the Toshiba file parser mishandles sscanf
unsigned-integer processing.

- The 'wiretap/cosine.c' in the CoSine file parser mishandles sscanf
unsigned-integer processing.

- The 'wiretap/netscreen.c' in the NetScreen file parser mishandles sscanf
unsigned-integer processing.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to conduct denial of service attack.

Affected Software/OS:
Wireshark version 2.0.x before 2.0.4
and 1.12.x before 1.12.12 on Windows.

Solution:
Upgrade to Wireshark version 2.0.4 or
1.12.12 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5357
BugTraq ID: 91140
http://www.securityfocus.com/bid/91140
Debian Security Information: DSA-3615 (Google Search)
http://www.debian.org/security/2016/dsa-3615
http://www.openwall.com/lists/oss-security/2016/06/09/3
Common Vulnerability Exposure (CVE) ID: CVE-2016-5356
Common Vulnerability Exposure (CVE) ID: CVE-2016-5355
Common Vulnerability Exposure (CVE) ID: CVE-2016-5354
Common Vulnerability Exposure (CVE) ID: CVE-2016-5353
Common Vulnerability Exposure (CVE) ID: CVE-2016-5351
Common Vulnerability Exposure (CVE) ID: CVE-2016-5350

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.809102
Categoría:	Denial of Service
Título:	Wireshark Multiple Denial of Service Vulnerabilities-04 (Aug 2016) - Windows
Resumen:	Wireshark is prone to multiple denial of service vulnerabilities.
Descripción:	Summary: Wireshark is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - The 'epan/dissectors/packet-dcerpc-spoolss.c' script omits in the SPOOLS component mishandles unexpected offsets. - The 'epan/crypt/airpdcap.c' in the IEEE 802.11 dissector mishandles the lack of an EAPOL_RSN_KEY. - The 'epan/dissectors/packet-umts_fp.c' in the UMTS FP dissector mishandles the reserved C/T value. - The 'USB subsystem' mishandles class types. - The 'wiretap/toshiba.c' in the Toshiba file parser mishandles sscanf unsigned-integer processing. - The 'wiretap/cosine.c' in the CoSine file parser mishandles sscanf unsigned-integer processing. - The 'wiretap/netscreen.c' in the NetScreen file parser mishandles sscanf unsigned-integer processing. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct denial of service attack. Affected Software/OS: Wireshark version 2.0.x before 2.0.4 and 1.12.x before 1.12.12 on Windows. Solution: Upgrade to Wireshark version 2.0.4 or 1.12.12 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5357 BugTraq ID: 91140 http://www.securityfocus.com/bid/91140 Debian Security Information: DSA-3615 (Google Search) http://www.debian.org/security/2016/dsa-3615 http://www.openwall.com/lists/oss-security/2016/06/09/3 Common Vulnerability Exposure (CVE) ID: CVE-2016-5356 Common Vulnerability Exposure (CVE) ID: CVE-2016-5355 Common Vulnerability Exposure (CVE) ID: CVE-2016-5354 Common Vulnerability Exposure (CVE) ID: CVE-2016-5353 Common Vulnerability Exposure (CVE) ID: CVE-2016-5351 Common Vulnerability Exposure (CVE) ID: CVE-2016-5350
Copyright	Copyright (C) 2016 Greenbone AG