Vigil@nce - Wireshark 1.8: four vulnerabilities
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities of Wireshark can be used by a remote
attacker to create a denial of service or to execute code.
Impacted products: openSUSE, Wireshark
Severity: 2/4
Creation date: 03/10/2012
DESCRIPTION OF THE VULNERABILITY
The Wireshark program captures and displays network packets.
Protocols are decoded by dissectors. They are impacted by several
vulnerabilities.
An attacker can generate an infinite loop in the HSRP dissector.
[severity:1/4; CVE-2012-5237, wnpa-sec-2012-26]
An attacker can stop the PPP dissector. [severity:1/4;
CVE-2012-5238, wnpa-sec-2012-27]
An attacker can generate an infinite loop in the DRDA dissector
(VIGILANCE-VUL-11904 (https://vigilance.fr/tree/1/11904)).
[severity:1/4; BID-55284, CVE-2012-3548, CVE-2012-5239-REJECT,
wnpa-sec-2012-28]
An attacker can generate a buffer overflow in the LDP dissector.
[severity:2/4; CVE-2012-5240, wnpa-sec-2012-29]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-1-8-four-vulnerabilities-11992