Vigil@nce - Wireshark 1: seven vulnerabilities
April 2016 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Wireshark 1.
Impacted products: Debian, openSUSE, openSUSE Leap, Solaris,
Wireshark.
Severity: 2/4.
Creation date: 29/02/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Wireshark 1.
An attacker can use a DLL Hijacking vulnerability, in order to run
code. [severity:2/4; CVE-2016-2521, wnpa-sec-2016-01]
An attacker can generate an infinite loop in DNP3, in order to
trigger a denial of service. [severity:2/4; CVE-2016-2523,
wnpa-sec-2016-03]
An attacker can send a malicious RSL packet, in order to trigger a
denial of service. [severity:2/4; CVE-2016-2530, CVE-2016-2531,
wnpa-sec-2016-10]
An attacker can send a malicious LLRP packet, in order to trigger
a denial of service. [severity:2/4; CVE-2016-2532,
wnpa-sec-2016-11]
An attacker can send a malicious GSM A-bis OML packet, in order to
trigger a denial of service. [severity:2/4; wnpa-sec-2016-14]
An attacker can send a malicious ASN.1 BER packet, in order to
trigger a denial of service. [severity:2/4; wnpa-sec-2016-15]
An attacker can send a malicious ASN.1 BER packet, in order to
trigger a denial of service. [severity:2/4; wnpa-sec-2016-18]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Wireshark-1-seven-vulnerabilities-19043