Buffer overflow : Wireshark BER Dissector Stack Consumption Vulnerability (Windows)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.801553
Kategorie:	Buffer overflow
Titel:	Wireshark BER Dissector Stack Consumption Vulnerability (Windows)
Zusammenfassung:	This host is installed with Wireshark and is prone to stack; consumption vulnerability.
Beschreibung:	Summary: This host is installed with Wireshark and is prone to stack consumption vulnerability. Vulnerability Insight: The flaw is due to stack consumption in the 'dissect_ber_unknown()' function in 'epan/dissectors/packet-ber.c' in the BER dissector, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown 'ASN.1/BER' encoded packet. Vulnerability Impact: Successful exploitation will allow attackers to crash the application. Affected Software/OS: Wireshark version 1.4.x before 1.4.1 and 1.2.x before 1.2.12 Solution: Upgrade to Wireshark 1.4.1 or 1.2.12 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3445 BugTraq ID: 43197 http://www.securityfocus.com/bid/43197 Bugtraq: 20100913 Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service (Google Search) http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html CERT/CC vulnerability note: VU#215900 http://www.kb.cert.org/vuls/id/215900 Debian Security Information: DSA-2127 (Google Search) http://www.debian.org/security/2010/dsa-2127 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:200 http://xorl.wordpress.com/2010/10/15/cve-2010-3445-wireshark-asn-1-ber-stack-overflow/ http://www.openwall.com/lists/oss-security/2010/10/01/10 http://www.openwall.com/lists/oss-security/2010/10/12/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14607 http://www.redhat.com/support/errata/RHSA-2010-0924.html http://www.redhat.com/support/errata/RHSA-2011-0370.html http://secunia.com/advisories/42392 http://secunia.com/advisories/42411 http://secunia.com/advisories/42877 http://secunia.com/advisories/43068 http://secunia.com/advisories/43759 http://secunia.com/advisories/43821 SuSE Security Announcement: SUSE-SR:2011:001 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.vupen.com/english/advisories/2010/3067 http://www.vupen.com/english/advisories/2010/3093 http://www.vupen.com/english/advisories/2011/0076 http://www.vupen.com/english/advisories/2011/0212 http://www.vupen.com/english/advisories/2011/0404 http://www.vupen.com/english/advisories/2011/0626 http://www.vupen.com/english/advisories/2011/0719
Copyright	Copyright (C) 2010 Greenbone Networks GmbH