Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Wireshark 1.6, five vulnerabilities

April 2012 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service or to execute code.

- Severity: 2/4
- Creation date: 28/03/2012

IMPACTED PRODUCTS

- Mandriva Linux
- Wireshark

DESCRIPTION OF THE VULNERABILITY

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can force the ANSI-A dissector to dereference a NULL pointer. [severity:1/4; BID-52735, CVE-2012-1593, wnpa-sec-2012-04]

An attacker can generate an infinite loop in the IEEE 802.11 dissector. [severity:1/4; BID-52738, CVE-2012-1594, wnpa-sec-2012-05]

An attacker can create ERF data which stops the pcap and pcap-ng parsers. [severity:2/4; BID-52737, CVE-2012-1595, wnpa-sec-2012-06]

An attacker can generate an allocation error in the MP2T dissector, in order to stop it. [severity:1/4; BID-52736, CVE-2012-1596, wnpa-sec-2012-07]

An attacker can use invalid ASN.1 DER data, which generate an overflow in applications linked to GNU Libtasn1, and leads to a denial of service or to code execution (VIGILANCE-VUL-11466). [severity:2/4; BID-52668, CVE-2012-1569]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/W...


See previous articles

    

See next articles