Vigil@nce - Wireshark: multiple vulnerabilities
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Wireshark.
Impacted products: Fedora, MBS, openSUSE, SUSE Linux Enterprise
Desktop, SLES, Wireshark
Severity: 2/4
Creation date: 17/09/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Wireshark.
An attacker can send a malicious RTP packet, in order to trigger a
denial of service. [severity:2/4; CVE-2014-6421, CVE-2014-6422,
wnpa-sec-2014-12]
An attacker can generate an infinite loop in MEGACO, in order to
trigger a denial of service. [severity:2/4; CVE-2014-6423,
wnpa-sec-2014-13]
An attacker can send a malicious Netflow packet, in order to
trigger a denial of service. [severity:2/4; CVE-2014-6424,
wnpa-sec-2014-14]
An attacker can send a malicious CUPS packet, in order to trigger
a denial of service. [severity:2/4; CVE-2014-6425,
wnpa-sec-2014-15]
An attacker can generate an infinite loop in HIP, in order to
trigger a denial of service. [severity:2/4; CVE-2014-6426,
wnpa-sec-2014-16]
An attacker can send a malicious RTSP packet, in order to trigger
a denial of service. [severity:2/4; CVE-2014-6427,
wnpa-sec-2014-17]
An attacker can send a malicious SES packet, in order to trigger a
denial of service. [severity:2/4; CVE-2014-6428, wnpa-sec-2014-18]
An attacker can use a malicious Sniffer file, in order to trigger
a denial of service. [severity:2/4; CVE-2014-6429, CVE-2014-6430,
CVE-2014-6431, CVE-2014-6432, wnpa-sec-2014-19]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-multiple-vulnerabilities-15362