Summary
This host is installed with Wireshark and is prone to stack consumption vulnerability.
Impact
Successful exploitation will allow attackers to crash the application.
Impact Level: Application
Solution
Upgrade to Wireshark 1.4.1 or 1.2.12 or later,
For updates refer to http://www.wireshark.org/download
Insight
The flaw is due to stack consumption in the 'dissect_ber_unknown()' function in 'epan/dissectors/packet-ber.c' in the BER dissector, whcih allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown 'ASN.1/BER' encoded packet.
Affected
Wireshark version 1.4.x before 1.4.1 and 1.2.x before 1.2.12
References
Severity
Classification
-
CVE CVE-2010-3445 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability
- Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
- VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Linux)
- Microsoft Internet Explorer Buffer Overflow Vulnerability - Jul09
- Pango Integer Buffer Overflow Vulnerability