Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Wireshark, several vulnerabilities

September 2008 by Vigil@nce

Several vulnerabilities of Wireshark can be used by a remote
attacker to create a denial of service or to execute code.

 Gravity: 2/4
 Consequences: user access/rights, denial of service of service
 Provenance: intranet client
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Creation date: 04/09/2008
 Identifier: VIGILANCE-VUL-8089

IMPACTED PRODUCTS

 Unix - plateform

DESCRIPTION

The Wireshark/Ethereal program captures packets, in order to help
administrator solving network problems. Protocols are decoded by
dissectors. They have several vulnerabilities.

An attacker can send NCP data in order to generate several buffer
overflows and an infinite loop. [grav:2/4]

A packet containing data compressed by zlib can stop Wireshark.
[grav:1/4]

When a malformed Tektronix .rf5 file is opened, Wireshark stops.
[grav:1/4]

CHARACTERISTICS

 Identifiers: VIGILANCE-VUL-8089
 Url: https://vigilance.aql.fr/tree/1/8089


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts