Summary
Wireshark is installed on this host and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation will allow attackers to cause a denial of service (DoS).
Impact Level: Application
Solution
Upgrade to Wireshark version 1.10.9 or later.
For updates, refer to http://www.wireshark.org/download
Insight
Multiple flaws exist due to:
- An error in the 'dissect_log' function in plugins/irda/packet-irda.c within the ASN.1 BER dissector.
- An error in the 'read_new_line' function in wiretap/catapult_dct2000.c within the Catapult DCT2000 dissector.
- An error in the 'APN decode' functionality in epan/dissectors/packet-gtp.c and epan/dissectors/packet-gsm_a_gm.c within the GTP and GSM Management dissectors.
- An error in the 'rlc_decode_li' function in epan/dissectors/packet-rlc.c within the RLC dissector.
- An error in the 'dissect_ber_constrained_bitstring' function in epan/dissectors/packet-ber.c within the ASN.1 BER dissector.
Affected
Wireshark version 1.10.x before 1.10.9 on Mac OS X
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
- http://secunia.com/advisories/59299
- http://www.osvdb.com/109728
- https://www.wireshark.org/security/wnpa-sec-2014-08.html
- https://www.wireshark.org/security/wnpa-sec-2014-09.html
- https://www.wireshark.org/security/wnpa-sec-2014-10.html
- https://www.wireshark.org/security/wnpa-sec-2014-11.html
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2014-5161, CVE-2014-5162, CVE-2014-5163, CVE-2014-5164, CVE-2014-5165
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P