SecurityTracker.com
Category:   Application (Generic)  >   Wireshark
Vendors:   Wireshark.org
(Oracle Issues Fix for Solaris) Wireshark Multiple Bugs Let Remote Users Deny Service
SecurityTracker Alert ID:  1029094
SecurityTracker URL:  http://securitytracker.com/id/1029094
CVE Reference:   CVE-2013-4083
Date:  Sep 26 2013
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 1.6.16 and 1.8.8
Description:   Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to cause the target service to hang or crash.

The dissect_capwap_data() function in 'epan/dissectors/packet-capwap.c' in the CAPWAP dissector is affected [CVE-2013-4074].

'epan/dissectors/packet-gmr1_bcch.c' in the GMR-1 BCCH dissector is affected [CVE-2013-4075]. Only version 1.8.x is affected.

The dissect_iphc_crtp_fh() function in 'epan/dissectors/packet-ppp.c' in the PPP dissector is affected [CVE-2013-4076]. Only version 1.8.x is affected.

The NBAP dissector is affected by an array index error [CVE-2013-4077]. Only version 1.8.x is affected.

'epan/dissectors/packet-rdp.c' in the RDP dissector is affected [CVE-2013-4078]. Only version 1.8.x is affected.

The dissect_schedule_message() function in 'epan/dissectors/packet-gsm_cbch.c' in the GSM CBCH dissector is affected [CVE-2013-4079]. Only version 1.8.x is affected.

The dissect_r3_upstreamcommand_queryconfig() function in 'epan/dissectors/packet-assa_r3.c' in the Assa Abloy R3 dissector is affected [CVE-2013-4080]. Only version 1.8.x is affected.

The http_payload_subdissector() function in 'epan/dissectors/packet-http.c' in the HTTP dissector is affected [CVE-2013-4081].

The vwr_read() function in 'wiretap/vwr.c' in the Ixia IxVeriWave file parser is affected [CVE-2013-4082]. Only version 1.8.x is affected.

The dissect_pft() function in 'epan/dissectors/packet-dcp-etsi.c' in the DCP ETSI dissector is affected [CVE-2013-4083].

Impact:   A remote user can cause the target service to hang or crash.
Solution:   Oracle has issued a fix for CVE-2013-4083 for Solaris.

The Oracle advisory is available at:

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark5

Vendor URL:  www.wireshark.org/
Cause:   Input validation error, State error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  11.1

Message History:   This archive entry is a follow-up to the message listed below.
Jun 11 2013 Wireshark Multiple Bugs Let Remote Users Deny Service


