Wireshark Versions Prior to 1.4.7/1.2.17 Multiple Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/48066

Security Info

Bugtraq ID: 48066
Class: Design Error
CVE: CVE-2011-1957
CVE-2011-1958
CVE-2011-1959
CVE-2011-2174
CVE-2011-2175
Remote: Yes
Local: No
Published: Jun 01 2011 12:00AM
Updated: Apr 23 2012 06:20PM
Credit: David Maciejak, Huzaifa Sidhpurwala and the vendor
Vulnerable: Wireshark Wireshark 1.4.5
Wireshark Wireshark 1.4.3
Wireshark Wireshark 1.4.2
Wireshark Wireshark 1.4.1
Wireshark Wireshark 1.2.16
Wireshark Wireshark 1.2.12
Wireshark Wireshark 1.2.10
Wireshark Wireshark 1.2.9
Wireshark Wireshark 1.2.8
Wireshark Wireshark 1.2.7
Wireshark Wireshark 1.2.6
Wireshark Wireshark 1.2.5
Wireshark Wireshark 1.2.4
Wireshark Wireshark 1.2.3
Wireshark Wireshark 1.2.2
Wireshark Wireshark 1.2.1
Wireshark Wireshark 1.2
Wireshark Wireshark 1.4.0
Wireshark Wireshark 1.2.14
Wireshark Wireshark 1.2.13
Wireshark Wireshark 1.2.11
Red Hat Fedora 15
Red Hat Fedora 14
Red Hat Fedora 13
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable: Wireshark Wireshark 1.4.7
Wireshark Wireshark 1.2.17

Security Discussion

Wireshark is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to crash the application, resulting in a denial-of-service condition.

Proof of Concept and Security Exploits

Attackers can use readily available tools to exploit these issues.

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.


MandrakeSoft Enterprise Server 5 x86_64

MandrakeSoft Enterprise Server 5

Mandriva Linux Mandrake 2010.1 x86_64

Mandriva Linux Mandrake 2010.1

MandrakeSoft Corporate Server 4.0

MandrakeSoft Corporate Server 4.0 x86_64

Security Reference(s)

References:

Site Updated November 22, 2014
©2000-2014 Emagined Security
All Rights Reserved