Test ID: 1.3.6.1.4.1.25623.1.1.2.2019.2425
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for wireshark (EulerOS-SA-2019-2425)
Summary: The remote host is missing an update for the Huawei EulerOS 'wireshark' package(s) announced via the EulerOS-SA-2019-2425 advisory.
Description:

Summary:
The remote host is missing an update for the Huawei EulerOS 'wireshark' package(s) announced via the EulerOS-SA-2019-2425 advisory.

Vulnerability Insight:
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. (CVE-2018-14340)

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. (CVE-2018-14341)

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. (CVE-2018-5336)

In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. (CVE-2018-7418)

In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. (CVE-2017-9347)

In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. (CVE-2017-9349)

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. (CVE-2018-19622)

The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2015-8714)

In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. (CVE-2017-13765)

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. (CVE-2017-17083)

The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. (CVE-2015-8712)

epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. (CVE-2015-8713)

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'wireshark' package(s) on Huawei EulerOS V2.0SP2.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2015-8712
BugTraq ID: 79816
http://www.securityfocus.com/bid/79816
Debian Security Information: DSA-3505
http://www.debian.org/security/2016/dsa-3505
https://security.gentoo.org/glsa/201604-05
http://www.securitytracker.com/id/1034551
Common Vulnerability Exposure (CVE) ID: CVE-2015-8713
Common Vulnerability Exposure (CVE) ID: CVE-2015-8714
Common Vulnerability Exposure (CVE) ID: CVE-2015-8716
Common Vulnerability Exposure (CVE) ID: CVE-2015-8717
Common Vulnerability Exposure (CVE) ID: CVE-2015-8718
BugTraq ID: 79814
http://www.securityfocus.com/bid/79814
Common Vulnerability Exposure (CVE) ID: CVE-2015-8719
Common Vulnerability Exposure (CVE) ID: CVE-2015-8721
Common Vulnerability Exposure (CVE) ID: CVE-2015-8723
BugTraq ID: 79382
http://www.securityfocus.com/bid/79382
Common Vulnerability Exposure (CVE) ID: CVE-2015-8729
Common Vulnerability Exposure (CVE) ID: CVE-2015-8731
Debian Security Information: DSA-3516
http://www.debian.org/security/2016/dsa-3516
Common Vulnerability Exposure (CVE) ID: CVE-2016-2523
http://www.securitytracker.com/id/1035118
SuSE Security Announcement: openSUSE-SU-2016:0660
http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html
SuSE Security Announcement: openSUSE-SU-2016:0661
http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2530
Common Vulnerability Exposure (CVE) ID: CVE-2016-2531
Common Vulnerability Exposure (CVE) ID: CVE-2016-2532
Common Vulnerability Exposure (CVE) ID: CVE-2016-4006
Debian Security Information: DSA-3585
http://www.debian.org/security/2016/dsa-3585
http://www.securitytracker.com/id/1035685
Common Vulnerability Exposure (CVE) ID: CVE-2016-4077
https://code.google.com/p/google-security-research/issues/detail?id=651
Common Vulnerability Exposure (CVE) ID: CVE-2016-4081
Common Vulnerability Exposure (CVE) ID: CVE-2016-4085
BugTraq ID: 87467
http://www.securityfocus.com/bid/87467
Common Vulnerability Exposure (CVE) ID: CVE-2016-5350
BugTraq ID: 91140
http://www.securityfocus.com/bid/91140
Debian Security Information: DSA-3615
http://www.debian.org/security/2016/dsa-3615
http://www.openwall.com/lists/oss-security/2016/06/09/3
Common Vulnerability Exposure (CVE) ID: CVE-2016-5353
Common Vulnerability Exposure (CVE) ID: CVE-2016-5359
Common Vulnerability Exposure (CVE) ID: CVE-2016-6505
BugTraq ID: 92163
http://www.securityfocus.com/bid/92163
Debian Security Information: DSA-3648
http://www.debian.org/security/2016/dsa-3648
https://www.exploit-db.com/exploits/40197/
http://openwall.com/lists/oss-security/2016/07/28/3
http://www.securitytracker.com/id/1036480
Common Vulnerability Exposure (CVE) ID: CVE-2016-6507
Common Vulnerability Exposure (CVE) ID: CVE-2016-6508
Common Vulnerability Exposure (CVE) ID: CVE-2016-6510
Common Vulnerability Exposure (CVE) ID: CVE-2016-7177
Debian Security Information: DSA-3671
http://www.debian.org/security/2016/dsa-3671
http://www.securitytracker.com/id/1036760
Common Vulnerability Exposure (CVE) ID: CVE-2016-7179
Common Vulnerability Exposure (CVE) ID: CVE-2016-7958
BugTraq ID: 93463
http://www.securityfocus.com/bid/93463
Common Vulnerability Exposure (CVE) ID: CVE-2016-9375
BugTraq ID: 94369
http://www.securityfocus.com/bid/94369
Debian Security Information: DSA-3719
http://www.debian.org/security/2016/dsa-3719
http://www.securitytracker.com/id/1037313
Common Vulnerability Exposure (CVE) ID: CVE-2017-7703
BugTraq ID: 97636
http://www.securityfocus.com/bid/97636
https://security.gentoo.org/glsa/201706-12
https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html
http://www.securitytracker.com/id/1038262
Common Vulnerability Exposure (CVE) ID: CVE-2017-9345
BugTraq ID: 98798
http://www.securityfocus.com/bid/98798
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1206
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e280c9b637327a65d132bfe72d917b87e6844eb5
https://www.wireshark.org/security/wnpa-sec-2017-26.html
http://www.securitytracker.com/id/1038612
Common Vulnerability Exposure (CVE) ID: CVE-2017-9347
BugTraq ID: 98800
http://www.securityfocus.com/bid/98800
https://www.exploit-db.com/exploits/42124/
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1216
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=278e52f26e7e1a23f8d2e8ed98693328c992bdce
https://www.wireshark.org/security/wnpa-sec-2017-31.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-9349
BugTraq ID: 98803
http://www.securityfocus.com/bid/98803
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1329
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cb1b6494c44c9e939d9e2554de6b812de395e3f9
https://www.wireshark.org/security/wnpa-sec-2017-27.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-9352
BugTraq ID: 98804
http://www.securityfocus.com/bid/98804
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8c5e0cee278ff0678b0ebf4b9c2a614974b4029a
https://www.wireshark.org/security/wnpa-sec-2017-22.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-5336
BugTraq ID: 102504
http://www.securityfocus.com/bid/102504
Debian Security Information: DSA-4101
https://www.debian.org/security/2018/dsa-4101
https://lists.debian.org/debian-lts-announce/2018/01/msg00032.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-7418
BugTraq ID: 103157
http://www.securityfocus.com/bid/103157
https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
