Vigil@nce - Wireshark: multiple vulnerabilities
August 2017 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in Wireshark.
Impacted products: Fedora, openSUSE Leap, Wireshark.
Severity: 2/4.
Creation date: 02/06/2017.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Wireshark.
An attacker can generate an infinite loop via Bazaar, in order to
trigger a denial of service. [severity:2/4; CVE-2017-9352,
wnpa-sec-2017-22]
An attacker can force a read at an invalid address via DOF, in
order to trigger a denial of service, or to obtain sensitive
information. [severity:2/4; CVE-2017-9348, wnpa-sec-2017-23]
An attacker can force a read at an invalid address via DHCP, in
order to trigger a denial of service, or to obtain sensitive
information. [severity:1/4; CVE-2017-9351, wnpa-sec-2017-24]
An attacker can generate an infinite loop via SoulSeek, in order
to trigger a denial of service. [severity:2/4; CVE-2017-9346,
wnpa-sec-2017-25]
An attacker can generate an infinite loop via DNS, in order to
trigger a denial of service. [severity:2/4; CVE-2017-9345,
wnpa-sec-2017-26]
An attacker can generate an infinite loop via DICOM, in order to
trigger a denial of service. [severity:2/4; CVE-2017-9349,
wnpa-sec-2017-27]
An attacker can create a memory leak via openSAFETY, in order to
trigger a denial of service. [severity:2/4; CVE-2017-9350,
wnpa-sec-2017-28]
An attacker can trigger a fatal error via BT L2CAP, in order to
trigger a denial of service. [severity:2/4; CVE-2017-9344,
wnpa-sec-2017-29]
An attacker can send malicious MSNIP packets, in order to trigger
a denial of service. [severity:2/4; CVE-2017-9343,
wnpa-sec-2017-30]
An attacker can send malicious ROS packets, in order to trigger a
denial of service. [severity:2/4; CVE-2017-9347, wnpa-sec-2017-31]
An attacker can send malicious RGMP packets, in order to trigger a
denial of service. [severity:2/4; CVE-2017-9354, wnpa-sec-2017-32]
An attacker can send malicious IPv6 packets, in order to trigger a
denial of service. [severity:1/4; CVE-2017-9353, wnpa-sec-2017-33]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Wireshark-multiple-vulnerabilities-22886