Vigil@nce - Wireshark: ten vulnerabilities
June 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Wireshark.
– Impacted products: Debian, openSUSE, openSUSE Leap, Solaris,
Wireshark.
– Severity: 2/4.
– Creation date: 25/04/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Wireshark.
An attacker can send a malicious NCP packet, in order to trigger a
denial of service. [severity:2/4; CVE-2016-4076, wnpa-sec-2016-19]
An attacker can trigger a fatal error in TShark, in order to
trigger a denial of service. [severity:2/4; CVE-2016-4077,
wnpa-sec-2016-20]
An attacker can send a malicious IEEE 802.11 packet, in order to
trigger a denial of service. [severity:2/4; CVE-2016-4078,
wnpa-sec-2016-21]
An attacker can send a malicious PKTC packet, in order to trigger
a denial of service. [severity:2/4; CVE-2016-4079,
wnpa-sec-2016-22]
An attacker can send a malicious PKTC packet, in order to trigger
a denial of service. [severity:2/4; CVE-2016-4080,
wnpa-sec-2016-23]
An attacker can send a malicious IAX2 packet, in order to trigger
a denial of service. [severity:2/4; CVE-2016-4081,
wnpa-sec-2016-24]
An attacker can trigger a fatal error, in order to trigger a
denial of service. [severity:2/4; CVE-2016-4006, wnpa-sec-2016-25]
An attacker can send a malicious GSM CBCH packet, in order to
trigger a denial of service. [severity:2/4; CVE-2016-4082,
wnpa-sec-2016-26]
An attacker can send a malicious MS-WSP packet, in order to
trigger a denial of service. [severity:2/4; CVE-2016-4083,
CVE-2016-4084, wnpa-sec-2016-27]
An attacker can send a malicious NCP packet, in order to trigger a
denial of service. [severity:2/4; CVE-2016-4085, wnpa-sec-2016-28]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Wireshark-ten-vulnerabilities-19454