Vigil@nce - Wireshark: eleven vulnerabilities
December 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities of Wireshark can be used by a remote
attacker to create a denial of service.
– Impacted products: openSUSE, Wireshark
– Severity: 2/4
– Creation date: 29/11/2012
DESCRIPTION OF THE VULNERABILITY
The Wireshark program captures and displays network packets.
Protocols are decoded by dissectors. They are impacted by several
vulnerabilities.
An attacker can get private information via host name resolution.
[severity:1/4; CVE-2012-5592-REJECT, CVE-2012-6052,
wnpa-sec-2012-30]
An attacker can generate an infinite loop in the USB dissector.
[severity:1/4; CVE-2012-5593-REJECT, CVE-2012-6053,
wnpa-sec-2012-31]
An attacker can generate an infinite loop in the sFlow dissector.
[severity:1/4; CVE-2012-5594-REJECT, CVE-2012-6054,
wnpa-sec-2012-32]
An attacker can generate an infinite loop in the SCTP dissector.
[severity:1/4; CVE-2012-5595-REJECT, CVE-2012-6056,
wnpa-sec-2012-33]
An attacker can generate an infinite loop in the EIGRP dissector.
[severity:1/4; CVE-2012-5596-REJECT, CVE-2012-6057,
wnpa-sec-2012-34]
An attacker can halt Wireshark via the ISAKMP dissector.
[severity:2/4; CVE-2012-5597-REJECT, CVE-2012-6059,
wnpa-sec-2012-35]
An attacker can generate an infinite loop in the iSCSI dissector.
[severity:1/4; CVE-2012-5598-REJECT, CVE-2012-6060,
wnpa-sec-2012-36]
An attacker can generate an infinite loop in the WTP dissector.
[severity:1/4; CVE-2012-5599-REJECT, CVE-2012-6061,
wnpa-sec-2012-37]
An attacker can generate an infinite loop in the RTCP dissector.
[severity:1/4; CVE-2012-5600-REJECT, CVE-2012-6062,
wnpa-sec-2012-38]
An attacker can generate an infinite loop in the 3GPP2 A11
dissector. [severity:1/4; CVE-2012-5601-REJECT, CVE-2012-6055,
wnpa-sec-2012-39]
An attacker can generate an infinite loop in the ICMPv6 dissector.
[severity:1/4; CVE-2012-5602-REJECT, CVE-2012-6058,
wnpa-sec-2012-40]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-eleven-vulnerabilities-12192