Vigil@nce: Wireshark, denials of service
July 2008 by Vigil@nce
SYNTHESIS
Several vulnerabilities of Wireshark can be used by a remote
attacker to create a denial of service.
Gravity: 2/4
Consequences: data reading, denial of service of service
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/07/2008
Identifier: VIGILANCE-VUL-7921
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION
The Wireshark/Ethereal program captures packets, in order to help
administrator solving network problems. Protocols are decoded by
dissectors. They have several vulnerabilities.
An attacker can stop the GSM SMS dissector. [grav:1/4]
An attacker can stop the PANA or KISMET dissector. [grav:1/4]
An attacke can stop the RTMPT dissector. [grav:1/4]
An attacker can obtain memory fragments via the RMI dissector.
[grav:2/4]
An attacke can stop the syslog dissector. [grav:1/4]
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-7921, wnpa-sec-2008-03