Summary
This host is installed with Wireshark and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker cause denial of service to the application by crafting malicious packets.
Solution
Upgrade to the latest version 1.0.6
http://www.wireshark.org/download.html
Insight
Multiple flaws are due to,
- a boundary error in the processing of NetScreen Snoop capture files.
- format string vulnerability in wireshark through format string specifiers in the HOME environment variable.
- improper handling of Tektronix K12 text capture files as demonstrated by a file with exactly one frame.
Affected
Wireshark for Windows version 1.0.5 and prior.
References
Severity
Classification
-
CVE CVE-2009-0599, CVE-2009-0600, CVE-2009-0601 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
- CUPS Denial of Service Vulnerability - Jun09
- Active Perl Denial of Service Vulnerability Feb 2014 (Windows)
- Apache APR-Utils Multiple Denial of Service Vulnerabilities
- Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability