Vigil@nce - Wireshark: three vulnerabilities
January 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Wireshark.
– Impacted products: Debian, MBS, MES, Wireshark
– Severity: 2/4
– Creation date: 18/12/2013
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Wireshark.
An attacker can generate an infinite loop via SIP, in order to
trigger a denial of service. [severity:2/4; BID-64411,
CVE-2013-7112, wnpa-sec-2013-66]
An attacker can send a malformed BSSGP packet, in order to trigger
a denial of service. [severity:2/4; BID-64413, CVE-2013-7113,
wnpa-sec-2013-67]
An attacker can send a packet with malformed NTLMSSPv2 data, in
order to trigger a denial of service. [severity:2/4; BID-64412,
CVE-2013-7114, wnpa-sec-2013-68]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-three-vulnerabilities-13959