Wireshark Multiple Denial-of-Service Vulnerabilities -01 Jan15 (Windows) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to multiple denial-of-service vulnerabilities.

Impact

Successful exploitation will allow attackers to conduct multiple denial-of-service attacks. Impact Level: Application

Solution

Upgrade to Wireshark version 1.10.12, 1.12.3 or later, For updates refer to https://www.wireshark.org

Insight

Multiple flaws are due to, - An error within the SMTP dissector. - An error within the DEC DNA Routing Protocol dissector. - An error within the LPP dissector. - Two errors within the WCCP dissector. - An error when decypting TLS/SSL sessions.

Affected

Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 on Windows

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/116808
http://secunia.com/advisories/62020
https://www.wireshark.org/security/wnpa-sec-2015-01.html
https://www.wireshark.org/security/wnpa-sec-2015-02.html
https://www.wireshark.org/security/wnpa-sec-2015-03.html
https://www.wireshark.org/security/wnpa-sec-2015-04.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2015-0559, CVE-2015-0560, CVE-2015-0561, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
Cogent DataHub Integer Overflow Vulnerability
eZ/eZphotoshare Denial of Service
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability

Take action and discover your vulnerabilities