Vigil@nce - Wireshark 1.12: multiple vulnerabilities
January 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Wireshark 1.12.
Impacted products: Wireshark
Severity: 2/4
Creation date: 08/01/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Wireshark 1.12.
An attacker can send a malicious WCCP packet, in order to trigger
a denial of service. [severity:1/4; CVE-2015-0559, CVE-2015-0560,
wnpa-sec-2015-01]
An attacker can send a malicious LPP packet, in order to trigger a
denial of service. [severity:1/4; CVE-2015-0561, wnpa-sec-2015-02]
An attacker can send a malicious DEC DNA packet, in order to
trigger a denial of service. [severity:1/4; CVE-2015-0562,
wnpa-sec-2015-03]
An attacker can send a malicious SMTP packet, in order to trigger
a denial of service. [severity:1/4; CVE-2015-0563,
wnpa-sec-2015-04]
An attacker can generate a buffer underflow via TLS/SSL, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; CVE-2015-0564, wnpa-sec-2015-05]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-1-12-multiple-vulnerabilities-15914