SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Wireshark Vendors:   Wireshark.org
Wireshark ATN-CPDLC/WCP/LLDP/TNEF/SCSI OSD Dissector Bugs Let Remote Users Deny Service
SecurityTracker Alert ID:  1031858
SecurityTracker URL:  http://securitytracker.com/id/1031858
CVE Reference:   CVE-2015-2187, CVE-2015-2188, CVE-2015-2189, CVE-2015-2190, CVE-2015-2191, CVE-2015-2192   (Links to External Site)
Date:  Mar 6 2015
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.10.0 to 1.10.12, 1.12.0 to 1.12.3
Description:   Multiple vulnerabilities were reported in Wireshark. A remote user can cause denial of service conditions on the target system.

A remote user can send specially crafted data to cause the target application to crash.

The ATN-CPDLC dissector is affected [CVE-2015-2187]. Versions 1.12.0 to 1.12.3 are affected.

The WCP dissector is affected [CVE-2015-2188].

The pcapng file parser is affected [CVE-2015-2189].

The LLDP dissector is affected [CVE-2015-2190]. Versions 1.12.0 to 1.12.3 are affected.

A remote user can send specially crafted data to cause the target application to enter an infinite loop.

The TNEF dissector is affected [CVE-2015-2191]. Vlad Tsyrklevich reported this vulnerability.

The SCSI OSD dissector is affected [CVE-2015-2192]. Versions 1.12.0 to 1.12.3 are affected. Vlad Tsyrklevich reported this vulnerability.

Impact:   A remote user can cause the target application to crash or enter an infinite loop.
Solution:   The vendor has issued a fix (1.10.13, 1.12.4).

The vendor's advisories are available at:

https://www.wireshark.org/security/wnpa-sec-2015-06.html
https://www.wireshark.org/security/wnpa-sec-2015-07.html
https://www.wireshark.org/security/wnpa-sec-2015-08.html
https://www.wireshark.org/security/wnpa-sec-2015-09.html
https://www.wireshark.org/security/wnpa-sec-2015-10.html
https://www.wireshark.org/security/wnpa-sec-2015-11.html

Vendor URL:  www.wireshark.org/security/wnpa-sec-2015-06.html (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 24 2015 (Red Hat Issues Fix) Wireshark ATN-CPDLC/WCP/LLDP/TNEF/SCSI OSD Dissector Bugs Let Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Jul 29 2015 (Oracle Issues Fix for Oracle Linux) Wireshark ATN-CPDLC/WCP/LLDP/TNEF/SCSI OSD Dissector Bugs Let Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 6.
Nov 24 2015 (Oracle Issues Fix for Oracle Linux) Wireshark ATN-CPDLC/WCP/LLDP/TNEF/SCSI OSD Dissector Bugs Let Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 7.
Nov 25 2015 (Red Hat Issues Fix) Wireshark ATN-CPDLC/WCP/LLDP/TNEF/SCSI OSD Dissector Bugs Let Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC