Summary
Wireshark is installed on this host and is prone to denial of service and remote code execution vulnerabilities.
Impact
Successful exploitation will allow attackers to cause a DoS (Denial of Service) and compromise a vulnerable system.
Impact Level: System/Application
Solution
Upgrade to Wireshark version 1.8.13 or 1.10.6 or later. For updates, refer to http://www.wireshark.org/download
Insight
The flaws are due to errors within the NFS dissector (epan/dissectors/packet-nfs.c), the RLC dissector (epan/dissectors/packet-rlc) and the MPEG parser (wiretap/mpeg.c).
Affected
Wireshark version 1.8.x before 1.8.13 and 1.10.x before 1.10.6 on Windows
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
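The version check described above, written out as an added example (not the NVT's own code). It compares versions numerically, because a string comparison would rank 1.8.9 above 1.8.13; the host names and reported version strings are constructed sample data.

```python
import re

# Fixed release for each affected branch, as stated under "Affected" and "Solution".
FIXED = {(1, 8): (1, 8, 13), (1, 10): (1, 10, 6)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if text does not start with x.y.z."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(version_text):
    """True if the version is in an affected branch and older than that branch's fix."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError("unparseable version: %r" % version_text)
    fixed = FIXED.get(version[:2])
    # Branches the advisory does not list (e.g. 1.12.x) are reported as not affected.
    return fixed is not None and version < fixed


def triage(inventory):
    """Map each host to 'vulnerable', 'not affected' or 'unknown'."""
    result = {}
    for host, reported in inventory.items():
        try:
            result[host] = "vulnerable" if is_vulnerable(reported) else "not affected"
        except ValueError:
            result[host] = "unknown"  # detection returned nothing usable; check by hand
    return result


# Constructed sample inventory: host -> version string reported by version detection.
SAMPLE_INVENTORY = {
    "win-lab-01": "1.8.9",    # string comparison would wrongly rank this above 1.8.13
    "win-lab-02": "1.8.13",
    "win-lab-03": "1.10.5",
    "win-lab-04": "1.10.6",
    "win-lab-05": "1.12.0",
    "win-lab-06": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, SAMPLE_INVENTORY[host], status)
```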
References
- http://secunia.com/advisories/57265
- http://www.osvdb.com/104196
- http://www.osvdb.com/104198
- http://www.osvdb.com/104199
- https://www.wireshark.org/security/wnpa-sec-2014-01.html
- https://www.wireshark.org/security/wnpa-sec-2014-03.html
- https://www.wireshark.org/security/wnpa-sec-2014-04.html
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-2281, CVE-2014-2283, CVE-2014-2299
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)