Vigil@nce - Wireshark 1.10: multiple vulnerabilities
January 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Wireshark 1.10.
Impacted products: MBS, Wireshark
Severity: 2/4
Creation date: 08/01/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Wireshark 1.10.
An attacker can send a malicious DEC DNA packet, in order to
trigger a denial of service. [severity:1/4; CVE-2015-0562,
wnpa-sec-2015-03]
An attacker can send a malicious SMTP packet, in order to trigger
a denial of service. [severity:1/4; CVE-2015-0563,
wnpa-sec-2015-04]
An attacker can generate a buffer underflow via TLS/SSL, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; CVE-2015-0564, wnpa-sec-2015-05]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-1-10-multiple-vulnerabilities-15915