Vigil@nce - Wireshark: multiple vulnerabilities
September 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Wireshark.
– Impacted products: Debian, Fedora, openSUSE, openSUSE Leap,
Wireshark.
– Severity: 2/4.
– Creation date: 28/07/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Wireshark.
An attacker can send a malicious CORBA IDL packet, in order to
trigger a denial of service. [severity:2/4; CVE-2016-6503,
wnpa-sec-2016-39]
An attacker can send a malicious NDS packet, in order to trigger a
denial of service. [severity:2/4; CVE-2016-6504, wnpa-sec-2016-40]
An attacker can send a malicious PacketBB packet, in order to
trigger a denial of service. [severity:2/4; CVE-2016-6505,
wnpa-sec-2016-41]
An attacker can generate an infinite loop via WSP, in order to
trigger a denial of service. [severity:2/4; CVE-2016-6506,
wnpa-sec-2016-42]
An attacker can generate an infinite loop via MMSE, in order to
trigger a denial of service. [severity:2/4; CVE-2016-6507,
wnpa-sec-2016-43]
An attacker can generate an infinite loop via RLC, in order to
trigger a denial of service. [severity:2/4; CVE-2016-6508,
wnpa-sec-2016-44]
An attacker can send a malicious LDSS packet, in order to trigger
a denial of service. [severity:2/4; CVE-2016-6509,
wnpa-sec-2016-45]
An attacker can send a malicious RLC packet, in order to trigger a
denial of service. [severity:2/4; CVE-2016-6510, wnpa-sec-2016-46]
An attacker can generate an infinite loop via OpenFlow, in order
to trigger a denial of service. [severity:2/4; CVE-2016-6511,
wnpa-sec-2016-47]
An attacker can generate an infinite loop via MMSE, WAP, WBXML,
and WSP, in order to trigger a denial of service. [severity:2/4;
CVE-2016-6512, wnpa-sec-2016-48]
An attacker can send a malicious WBXML packet, in order to trigger
a denial of service. [severity:2/4; CVE-2016-6513,
wnpa-sec-2016-49]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Wireshark-multiple-vulnerabilities-20242