Vigil@nce: Wireshark, denials of service
April 2009 by Vigil@nce
Several vulnerabilities of Wireshark can be used by a remote
attacker to create a denial of service.
– Severity: 1/4
– Consequences: denial of service of service
– Provenance: internet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 3
– Creation date: 09/04/2009
IMPACTED PRODUCTS
– Mandriva Corporate
– Mandriva Linux
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The Wireshark program captures and displays network packets.
Protocols are decoded by dissectors. They have several
vulnerabilities.
An attacker can use a LDAP packet in order to stop Wireshark under
Windows. [grav:1/4; CVE-2009-1267]
An attacker can use a CPHAP (Check Point High-Availability
Protocol) packet in order to stop Wireshark. [grav:1/4;
CVE-2009-1268]
An attacker can create a malicious Tektronix .rf5 file in order to
stop Wireshark. [grav:1/4; CVE-2009-1269]
CHARACTERISTICS
– Identifiers: CVE-2009-1267, CVE-2009-1268, CVE-2009-1269,
MDVSA-2009:088, VIGILANCE-VUL-8616
– Url: http://vigilance.fr/vulnerability/Wireshark-denials-of-service-8616