Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в снифере WireShark
Опубликовано:29 ноября 2007 г.
Источник:
SecurityVulns ID:8386
Тип:удаленная
Уровень опасности:
6/10
Описание:Переполнение буфера при разборе SSL, DoS условия при разборе HTTP, MEGACO, Bluetooth SDP, RPC.
Затронутые продукты:WIRESHARK : wireshark 0.99
CVE:CVE-2007-6121 (Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.)
 CVE-2007-6120 (The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.)
 CVE-2007-6118 (The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.)
 CVE-2007-6117 (Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote attack vectors related to chunked messages.)
 CVE-2007-6114 (Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 1414-1] New wireshark packages fix several vulnerabilities (29.11.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород