Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в снифере Wireshart
дополнено с 14 июня 2010 г.
Опубликовано:14 сентября 2010 г.
Источник:
SecurityVulns ID:10928
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные DoS условия, переполнение буфера.
Затронутые продукты:WIRESHARK : Wireshark 1.2
 WIRESHARK : Wireshark 1.4
CVE:CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.)
 CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.)
 CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.)
 CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.)
 CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.)
 CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.)
 CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.)
Оригинальный текстdocumentyangdn_(at)_nipc.org.cn, Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service (14.09.2010)
 documentDEBIAN, [SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities (02.09.2010)
 documentMANDRIVA, [ MDVSA-2010:113 ] wireshark (14.06.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород