Vigil@nce - Wireshark: denials of service
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities of Wireshark can be used by a remote
attacker to create a denial of service.
Severity: 1/4
Creation date: 23/05/2012
IMPACTED PRODUCTS
– Mandriva Linux
– Wireshark
DESCRIPTION OF THE VULNERABILITY
The Wireshark program captures and displays network packets.
Protocols are decoded by dissectors. They are impacted by several
vulnerabilities.
An attacker can generate infinite loops in the ANSI MAP, ASF,
BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP and R3
dissectors. [severity:1/4; BID-53651, CVE-2012-2392,
wnpa-sec-2012-08]
An attacker can send a malformed DIAMETER packet, in order to
generate a memory allocation error. [severity:1/4; BID-53652,
CVE-2012-2393, wnpa-sec-2012-09]
On a SPARC or Itanium processor, an attacker can force the usage
of an unaligned pointer, which stops Wireshark. [severity:1/4;
7221, BID-53653, CVE-2012-2394, wnpa-sec-2012-10]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-denials-of-service-11649