Wireshark LDP PPP And HSRP Dissector Multiple Vulnerabilities (Mac OS X) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code in the context of the application, to crash the affected application, or to consume excessive CPU resources. Impact Level: System/Application

Solution

Upgrade to the Wireshark version 1.8.3 or later, For updates refer to http://www.wireshark.org/download

Insight

Errors in the HSRP, PPP and LDP dissectors when processing certain packets can be exploited to cause an infinite loop and consume CPU resources or a buffer overflow.

Affected

Wireshark versions 1.8.x prior to 1.8.3 on Mac OS X

References

http://secunia.com/advisories/50843/
http://www.osvdb.org/85884
http://www.wireshark.org/security/wnpa-sec-2012-26.html
http://www.wireshark.org/security/wnpa-sec-2012-27.html
http://www.wireshark.org/security/wnpa-sec-2012-29.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7581
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5237, CVE-2012-5238, CVE-2012-5240

CVSS	Base Score: 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Linux)
Apache Error Log Escape Sequence Injection
Apple Safari libxml Denial of Service Vulnerability
Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)
Asterisk Missing ACL Check Remote Security Bypass Vulnerability

Wireshark LDP PPP and HSRP dissector Multiple Vulnerabilities (Mac OS X)

Take action and discover your vulnerabilities