Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.806943 |
Category: | Denial of Service |
Title: | Wireshark Multiple Denial-of-Service Vulnerabilities-01 January16 (Windows) |
Summary: | This host is installed with Wireshark; and is prone to multiple denial of service vulnerabilities. |
Description: | Summary: This host is installed with Wireshark and is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws exist due to - 'dissect_CPMSetBindings' function in 'epan/dissectors/packet-mswsp.c' script in the MS-WSP dissector does not validate the column size. - 'dissect_ppi' function in 'epan/dissectors/packet-ppi.c' script in the PPI dissector does not initialize a packet-header data structure. - 'ipmi_fmt_udpport' function in 'epan/dissectors/packet-ipmi.c' script in the IPMI dissector improperly attempts to access a packet scope. - 'dissect_tds7_colmetadata_token' function in 'epan/dissectors/packet-tds.c' script in the TDS dissector does not validate the number of columns. - 's7comm_decode_ud_cpu_szl_subfunc' function in 'epan/dissectors/packet-s7comm_szl_ids.c' script in the S7COMM dissector does not validate the list count in an SZL response. - 'mp2t_find_next_pcr' function in 'wiretap/mp2t.c' script in the MP2T file parser does not reserve memory for a trailer. - 'get_value' function in 'epan/dissectors/packet-btatt.c' script in the Bluetooth Attribute (aka BT ATT) dissector uses an incorrect integer data type. - 'dissect_nwp' function in 'epan/dissectors/packet-nwp.c' script in the NWP dissector mishandles the packet type. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct denial of service attack. Affected Software/OS: Wireshark version 2.0.x before 2.0.1 on Windows Solution: Upgrade to Wireshark version 2.0.1 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-8742 https://security.gentoo.org/glsa/201604-05 http://www.securitytracker.com/id/1034551 Common Vulnerability Exposure (CVE) ID: CVE-2015-8741 Common Vulnerability Exposure (CVE) ID: CVE-2015-8739 BugTraq ID: 79382 http://www.securityfocus.com/bid/79382 Common Vulnerability Exposure (CVE) ID: CVE-2015-8740 Common Vulnerability Exposure (CVE) ID: CVE-2015-8738 Common Vulnerability Exposure (CVE) ID: CVE-2015-8736 Common Vulnerability Exposure (CVE) ID: CVE-2015-8735 Common Vulnerability Exposure (CVE) ID: CVE-2015-8734 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |