| Beschreibung: | Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.
Vulnerability Insight:
The following packages are affected:
wireshark
wireshark-lite
tshark
tshark-lite
CVE-2012-4048
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before
1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a
denial of service (invalid pointer dereference and application crash)
via a crafted packet, as demonstrated by a usbmon dump.
CVE-2012-4049
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x
before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows
remote attackers to cause a denial of service (loop and CPU
consumption) via a crafted packet.
CVE-2012-4285
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the
DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before
1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a
denial of service (divide-by-zero error and application crash) via a
zero-length message.
CVE-2012-4286
The pcapng_read_packet_block function in wiretap/pcapng.c in the
pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows
user-assisted remote attackers to cause a denial of service
(divide-by-zero error and application crash) via a crafted pcap-ng
file.
CVE-2012-4287
epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark
1.8.x before 1.8.2 allows remote attackers to cause a denial of
service (loop and CPU consumption) via a small value for a BSON
document length.
Text truncated. Please see the references for more information.
Solution:
Update your system with the appropriate patches or
software upgrades.
CVSS Score:
8.3
CVSS Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C
|
