Podatność CVE-2007-6118


Publikacja: 2007-11-23   Modyfikacja: 2012-02-12

Opis:
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.

Typ:

CWE-noinfo

Producent: Wireshark
Produkt: Wireshark 
Wersje:
0.99.6
0.99.5
0.99.4
0.99.3
0.99.2
0.99.1
0.99.0
0.99
Producent: Ethereal group
Produkt: Ethereal 
Wersje:
0.99.0
0.9.16
0.9.15
0.9.14

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
7.8/10
6.9/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Brak
Pełny

 Referencje:
http://bugs.gentoo.org/show_bug.cgi?id=199958
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
http://security.gentoo.org/glsa/glsa-200712-23.xml
http://securitytracker.com/id?1018988
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0004
http://www.debian.org/security/2007/dsa-1414
http://www.mandriva.com/security/advisories?name=MDVSA-2008:001
http://www.mandriva.com/security/advisories?name=MDVSA-2008:1
http://www.redhat.com/support/errata/RHSA-2008-0058.html
http://www.redhat.com/support/errata/RHSA-2008-0059.html
http://www.securityfocus.com/archive/1/485792/100/0/threaded
http://www.securityfocus.com/bid/26532
http://www.vupen.com/english/advisories/2007/3956
http://www.wireshark.org/security/wnpa-sec-2007-03.html
https://issues.rpath.com/browse/RPL-1975
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10659
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00606.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00712.html

Podobne CVE
CVE-2010-1455
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.
CVE-2007-6120
The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
CVE-2007-6121
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
CVE-2007-6111
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.
CVE-2006-3632
Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.
CVE-2006-3628
Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissec...
CVE-2006-3629
Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2006-1935
Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector.

Copyright 2019, cxsecurity.com

 

Back to Top