Wireshark 'SIP' And 'NTLMSSP' Denial Of Service Vulnerability-01 Dec13 (Windows) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attackers to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Impact Level: System/Application

Solution

Upgrade to Wireshark version 1.8.12 or 1.10.4 or later, For updates refer to http://www.wireshark.org/download

Insight

Flaw is due to an error within the SIP dissector (epan/dissectors/packet-sip.c) and NTLMSSP v2 dissector.

Affected

Wireshark version 1.8.x before 1.8.12 and 1.10.x before 1.10.4 on Windows

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/56097
http://www.osvdb.com/101151
https://www.wireshark.org/security/wnpa-sec-2013-66.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-7112, CVE-2013-7114

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)
Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X)
Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)
Asterisk SIP REGISTER Response Username Enumeration Vulnerability

Wireshark 'SIP' and 'NTLMSSP' Denial of Service Vulnerability-01 Dec13 (Windows)

Take action and discover your vulnerabilities