SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Wireshark Vendors:   Wireshark.org
Wireshark GSM SMS, PANA, KISMET, RTMPT, and syslog Dissector Bugs Let Remote Users Deny Service
SecurityTracker Alert ID:  1020404
SecurityTracker URL:  http://securitytracker.com/id/1020404
CVE Reference:   CVE-2008-3137, CVE-2008-3138, CVE-2008-3139, CVE-2008-3140, CVE-2008-3141   (Links to External Site)
Updated:  Sep 13 2012
Original Entry Date:  Jul 1 2008
Impact:   Denial of service via network, Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.0.1
Description:   A vulnerability was reported in Wireshark. A remote user can cause denial of service conditions or obtain system memory contents.

A remote user can send specially crafted data to cause the target service to crash.

The GSM SMS dissector is affected on versions 0.99.2 through 1.0.0.

The PANA and KISMET dissectors are affected on versions 0.99.3 through 1.0.0.

The RTMPT dissector is affected on versions 0.99.8 through 1.0.0.

The syslog dissector is affected in version 1.0.0.

A user can cause the RMI dissector to disclose system memory on versions 0.9.5 through 1.0.0.

Noam Rathaus reported the RMI dissector vulnerability.

Impact:   A remote user can cause Wireshark to crash.

A user may be able to obtain portions of system memory contents.

Solution:   The vendor has issued a fix (1.0.1).

The vendor's advisory is available at:

http://www.wireshark.org/security/wnpa-sec-2008-03.html

Vendor URL:  www.wireshark.org/security/wnpa-sec-2008-03.html (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC