FreeBSD Local Security Checks : FreeBSD Ports: wireshark

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.72500

Kategorie: FreeBSD Local Security Checks

Titel: FreeBSD Ports: wireshark

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

wireshark
wireshark-lite
tshark
tshark-lite

CVE-2012-5237
The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP
dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to
cause a denial of service (infinite loop) via a malformed packet.
CVE-2012-5238
epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x
before 1.8.3 uses incorrect OUI data structures during the decoding of
(1) PPP and (2) LCP data, which allows remote attackers to cause a
denial of service (assertion failure and application exit) via a
malformed packet.
CVE-2012-5240
Buffer overflow in the dissect_tlv function in
epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x
before 1.8.3 allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
malformed packet.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.8

CVSS Vector:
AV:A/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-5237
BugTraq ID: 55754
http://www.securityfocus.com/bid/55754
http://osvdb.org/85884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14992
http://www.securitytracker.com/id?1027604
XForce ISS Database: wireshark-hsrp-dos(79009)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79009
Common Vulnerability Exposure (CVE) ID: CVE-2012-5238
http://osvdb.org/85883
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15593
XForce ISS Database: wireshark-ppp-dissector-dos(79010)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79010
Common Vulnerability Exposure (CVE) ID: CVE-2012-5240
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15691

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.72500
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: wireshark
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: wireshark wireshark-lite tshark tshark-lite CVE-2012-5237 The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. CVE-2012-5238 epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet. CVE-2012-5240 Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.8 CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5237 BugTraq ID: 55754 http://www.securityfocus.com/bid/55754 http://osvdb.org/85884 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14992 http://www.securitytracker.com/id?1027604 XForce ISS Database: wireshark-hsrp-dos(79009) https://exchange.xforce.ibmcloud.com/vulnerabilities/79009 Common Vulnerability Exposure (CVE) ID: CVE-2012-5238 http://osvdb.org/85883 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15593 XForce ISS Database: wireshark-ppp-dissector-dos(79010) https://exchange.xforce.ibmcloud.com/vulnerabilities/79010 Common Vulnerability Exposure (CVE) ID: CVE-2012-5240 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15691
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com