Wireshark DOS Vulnerability-02 Sep14 (Mac OS X) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attacker to cause denial of service attack. Impact Level: Application

Solution

Upgrade to Wireshark version 1.12.1 or later, For updates refer to https://www.wireshark.org

Insight

Flaws are due to, - Error in the get_quoted_string and get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector. - The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector does not properly handle a NULL tree.

Affected

Wireshark version 1.12.x before 1.12.1 on Mac OS X

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://www.osvdb.com/111601
http://www.osvdb.com/111602
https://www.wireshark.org/security/wnpa-sec-2014-15.html
https://www.wireshark.org/security/wnpa-sec-2014-16.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-6425, CVE-2014-6426

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Denial of Service vulnerability in AVG Anti-Virus (Linux)
Compaq Web SSI DoS
CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
Adobe Flash Media Server Remote Denial of Service Vulnerability (August-2011)
Comodo Internet Security Denial of Service Vulnerability-03

Take action and discover your vulnerabilities