Vigil@nce - Wireshark 2: eighteen vulnerabilities
April 2016 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Wireshark 2.
Impacted products: Solaris, Wireshark.
Severity: 2/4.
Creation date: 29/02/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Wireshark 2.
An attacker can use a DLL Hijacking vulnerability, in order to run
code. [severity:2/4; CVE-2016-2521, wnpa-sec-2016-01]
An attacker can send a malicious ASN.1 BER packet, in order to
trigger a denial of service. [severity:2/4; CVE-2016-2522,
wnpa-sec-2016-02]
An attacker can generate an infinite loop in DNP3, in order to
trigger a denial of service. [severity:2/4; CVE-2016-2523,
wnpa-sec-2016-03]
An attacker can send a malicious X.509AF packet, in order to
trigger a denial of service. [severity:2/4; CVE-2016-2524,
wnpa-sec-2016-04]
An attacker can send a malicious HTTP/2 packet, in order to
trigger a denial of service. [severity:2/4; CVE-2016-2525,
wnpa-sec-2016-05]
An attacker can send a malicious HiQnet packet, in order to
trigger a denial of service. [severity:2/4; CVE-2016-2526,
wnpa-sec-2016-06]
An attacker can trigger a fatal error in 3GPP TS 32.423 Trace, in
order to trigger a denial of service. [severity:1/4;
CVE-2016-2527, wnpa-sec-2016-07]
An attacker can send a malicious LBMC packet, in order to trigger
a denial of service. [severity:2/4; CVE-2016-2528,
wnpa-sec-2016-08]
An attacker can trigger a fatal error in iSeries, in order to
trigger a denial of service. [severity:1/4; CVE-2015-2529,
wnpa-sec-2016-09]
An attacker can send a malicious RSL packet, in order to trigger a
denial of service. [severity:2/4; CVE-2016-2530, CVE-2016-2531,
wnpa-sec-2016-10]
An attacker can send a malicious LLRP packet, in order to trigger
a denial of service. [severity:2/4; CVE-2016-2532,
wnpa-sec-2016-11]
An attacker can trigger a fatal error in Ixia IxVeriWave, in order
to trigger a denial of service. [severity:1/4; wnpa-sec-2016-12]
An attacker can send a malicious IEEE 802.11 packet, in order to
trigger a denial of service. [severity:2/4; wnpa-sec-2016-13]
An attacker can send a malicious GSM A-bis OML packet, in order to
trigger a denial of service. [severity:2/4; wnpa-sec-2016-14]
An attacker can send a malicious ASN.1 BER packet, in order to
trigger a denial of service. [severity:2/4; wnpa-sec-2016-15]
An attacker can generate an infinite loop in SPICE, in order to
trigger a denial of service. [severity:1/4; wnpa-sec-2016-16]
An attacker can send a malicious NFS packet, in order to trigger a
denial of service. [severity:2/4; wnpa-sec-2016-17]
An attacker can send a malicious ASN.1 BER packet, in order to
trigger a denial of service. [severity:2/4; wnpa-sec-2016-18]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Wireshark-2-eighteen-vulnerabilities-19042