Wireshark Multiple DoS Vulnerabilities - June 13 (Mac OS X) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation will allow remote attackers to cause denial of service via a crafted packet. Impact Level: Application

Solution

Upgrade to the Wireshark version 1.6.16 or 1.8.8 or later, For updates refer to http://www.wireshark.org/download

Insight

- 'http_payload_subdissector' function in epan/dissectors/packet-http.c in HTTP dissector does not determine when to use a recursive approach. - 'dissect_capwap_data' function in epan/dissectors/packet-capwap.c in CAPWAP dissector incorrectly uses a -1 data value to represent an error condition.

Affected

Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8 on Mac OS X

References

http://www.securitytracker.com/id/1028648
http://www.wireshark.org/docs/relnotes/wireshark-1.6.16.html
http://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4074, CVE-2013-4081

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

CUPS Denial of Service Vulnerability - Jun09
DoSable squid proxy server
Apache Tomcat Content-Type Header Denial Of Service Vulnerability
Dell OpenManage Web Server <= 3.7.1
ClamAV LZH File Unpacking Denial of Service Vulnerability (Win)

Take action and discover your vulnerabilities