Summary
This host is installed with Wireshark and is prone to multiple Denial of Service vulnerabilities.
Impact
Successful exploitation could result in Denial of Serivce condition.
Impact Level: Application.
Solution
Upgrade to Wireshark 1.2.3
http://www.wireshark.org/download.html
Workaround: Disable the affected dissectors,
http://www.wireshark.org/security/wnpa-sec-2009-07.html
Insight
- An alignment error within the 'dissect_paltalk()' function in epan/dissectors/packet-paltalk.c of the Paltalk dissector can be exploited to cause a crash.
- An off-by-one error within the 'dissect_negprot_response()' function in epan/dissectors/packet-smb.c of the SMB dissector can be exploited to cause a crash.
Affected
Wireshark version 1.2.0 to 1.2.2 on Linux.
References
Severity
Classification
-
CVE CVE-2009-3549, CVE-2009-3551 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities