Vigil@nce - Wireshark: multiple vulnerabilities
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Wireshark.
– Impacted products: Debian, Fedora, openSUSE, Wireshark
– Severity: 2/4
– Creation date: 04/11/2013
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Wireshark.
An attacker can send IEEE 802.15.4 data, in order to trigger a
denial of service. [severity:2/4; BID-63503, CVE-2013-6336,
wnpa-sec-2013-61]
An attacker can send NBAP data, in order to trigger a denial of
service. [severity:2/4; BID-63504, CVE-2013-6337, wnpa-sec-2013-62]
An attacker can send SIP data, in order to trigger a denial of
service. [severity:2/4; BID-63502, CVE-2013-6338, wnpa-sec-2013-63]
An attacker can send OpenWire data, in order to generate a large
loop, to trigger denial of service. [severity:2/4; BID-63501,
CVE-2013-6339, wnpa-sec-2013-64]
An attacker can send TCP data, in order to trigger a denial of
service. [severity:2/4; BID-63500, CVE-2013-6340, wnpa-sec-2013-65]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-multiple-vulnerabilities-13688