Wireshark GSM SMS, PANA, KISMET, RTMPT, and syslog Dissector Bugs Let Remote Users Deny Service
|
SecurityTracker Alert ID: 1020404 |
SecurityTracker URL: http://securitytracker.com/id/1020404
|
CVE Reference:
CVE-2008-3137, CVE-2008-3138, CVE-2008-3139, CVE-2008-3140, CVE-2008-3141
(Links to External Site)
|
Updated: Sep 13 2012
|
Original Entry Date: Jul 1 2008
|
Impact:
Denial of service via network, Disclosure of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 1.0.1
|
Description:
A vulnerability was reported in Wireshark. A remote user can cause denial of service conditions or obtain system memory contents.
A remote user can send specially crafted data to cause the target service to crash.
The GSM SMS dissector is affected on versions 0.99.2 through 1.0.0.
The PANA and KISMET dissectors are affected on versions 0.99.3 through 1.0.0.
The RTMPT dissector is affected on versions 0.99.8 through 1.0.0.
The syslog dissector is affected in version 1.0.0.
A user can cause the RMI dissector to disclose system memory on versions 0.9.5 through 1.0.0.
Noam Rathaus reported the RMI dissector vulnerability.
|
Impact:
A remote user can cause Wireshark to crash.
A user may be able to obtain portions of system memory contents.
|
Solution:
The vendor has issued a fix (1.0.1).
The vendor's advisory is available at:
http://www.wireshark.org/security/wnpa-sec-2008-03.html
|
Vendor URL: www.wireshark.org/security/wnpa-sec-2008-03.html (Links to External Site)
|
Cause:
Not specified
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|