Computer Security

Wireshark DoS
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Wireshark DoS
updated since 28.06.2007
Published:17.08.2007
Source:BUGTRAQ
SecurityVulns ID:7866
Type:remote
Level:5/10
Description:Endless loop on MMS and SSL parsing, off-by-one on iSeries and DHCP/BOOTP parsing.
Affected:WIRESHARK : wireshark 0.99
CVE:CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.)
 CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.)
 CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.)
 CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP.)
 CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.)
Original documentdocumentzwell_(at)_sohu.com, WireShark MMS Remote Denial of Service vulnerability (15.08.2007)
 documentDEBIAN, [Full-disclosure] [SECURITY] [DSA 1322-1] New wireshark packages fix denial of service (28.06.2007)
Files:WireShark<0.99.6 MMS protocol DOS PoC
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server