Vigil@nce: Wireshark 1.2, four vulnerabilities
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities of Wireshark can be used by a remote
attacker to create a denial of service or to execute code.
– Severity: 2/4
– Creation date: 30/07/2010
DESCRIPTION OF THE VULNERABILITY
The Wireshark program captures and displays network packets.
Protocols are decoded by dissectors. They are impacted by several
vulnerabilities.
An attacker can generate a buffer overflow in SigComp Universal
Decompressor Virtual Machine. [severity:2/4; CVE-2010-2287]
An attacker can stop the GSM A RR dissector. [severity:1/4]
An attacker can generate a buffer overflow in the ASN.1 BER
dissector. [severity:2/4; CVE-2010-2284]
An attacker can generate an infinite loop in the IPMI dissector.
[severity:1/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-1-2-four-vulnerabilities-9800