Vulnerabilities > CVE-2008-6472 - Resource Management Errors vulnerability in Wireshark

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
wireshark
CWE-399
nessus

Summary

The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-242.NASL
    descriptionTwo vulnerabilities were discovered in Wireshark. The first is a vulnerability in the SMTP dissector that could cause it to consume excessive CPU and memory via a long SMTP request (CVE-2008-5285). The second is an issue with the WLCCP dissector that could cause it to go into an infinite loop. This update also provides a patch to fix a potential freeze during capture interface selection. This update provides Wireshark 1.0.5, which is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37127
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37127
    titleMandriva Linux Security Advisory : wireshark (MDVSA-2008:242)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2008:242. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37127);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:50");
    
      script_cve_id("CVE-2008-5285", "CVE-2008-6472");
      script_bugtraq_id(32422);
      script_xref(name:"MDVSA", value:"2008:242");
    
      script_name(english:"Mandriva Linux Security Advisory : wireshark (MDVSA-2008:242)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two vulnerabilities were discovered in Wireshark. The first is a
    vulnerability in the SMTP dissector that could cause it to consume
    excessive CPU and memory via a long SMTP request (CVE-2008-5285).
    
    The second is an issue with the WLCCP dissector that could cause it to
    go into an infinite loop.
    
    This update also provides a patch to fix a potential freeze during
    capture interface selection.
    
    This update provides Wireshark 1.0.5, which is not vulnerable to these
    issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.wireshark.org/security/wnpa-sec-2008-07.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://qa.mandriva.com/44407"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dumpcap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wireshark0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwireshark0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rawshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wireshark-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2008.1", reference:"dumpcap-1.0.5-1.1mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64wireshark-devel-1.0.5-1.1mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64wireshark0-1.0.5-1.1mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libwireshark-devel-1.0.5-1.1mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libwireshark0-1.0.5-1.1mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", reference:"rawshark-1.0.5-1.1mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", reference:"tshark-1.0.5-1.1mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", reference:"wireshark-1.0.5-1.1mdv2008.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.1", reference:"wireshark-tools-1.0.5-1.1mdv2008.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2009.0", reference:"dumpcap-1.0.5-1.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64wireshark-devel-1.0.5-1.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64wireshark0-1.0.5-1.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libwireshark-devel-1.0.5-1.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libwireshark0-1.0.5-1.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"rawshark-1.0.5-1.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"tshark-1.0.5-1.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"wireshark-1.0.5-1.1mdv2009.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2009.0", reference:"wireshark-tools-1.0.5-1.1mdv2009.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-0313.NASL
    descriptionUpdated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-4683, CVE-2009-0599) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600) Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.6, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id35767
    published2009-03-05
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35767
    titleCentOS 3 / 4 : wireshark (CESA-2009:0313)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:0313 and 
    # CentOS Errata and Security Advisory 2009:0313 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35767);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2008-4680", "CVE-2008-4681", "CVE-2008-4682", "CVE-2008-4683", "CVE-2008-4684", "CVE-2008-4685", "CVE-2008-5285", "CVE-2008-6472", "CVE-2009-0599", "CVE-2009-0600");
      script_bugtraq_id(31838, 32422);
      script_xref(name:"RHSA", value:"2009:0313");
    
      script_name(english:"CentOS 3 / 4 : wireshark (CESA-2009:0313)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated wireshark packages that fix several security issues are now
    available for Red Hat Enterprise Linux 3, 4, and 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Wireshark is a program for monitoring network traffic. Wireshark was
    previously known as Ethereal.
    
    Multiple buffer overflow flaws were found in Wireshark. If Wireshark
    read a malformed packet off a network or opened a malformed dump file,
    it could crash or, possibly, execute arbitrary code as the user
    running Wireshark. (CVE-2008-4683, CVE-2009-0599)
    
    Several denial of service flaws were found in Wireshark. Wireshark
    could crash or stop responding if it read a malformed packet off a
    network, or opened a malformed dump file. (CVE-2008-4680,
    CVE-2008-4681, CVE-2008-4682, CVE-2008-4684, CVE-2008-4685,
    CVE-2008-5285, CVE-2009-0600)
    
    Users of wireshark should upgrade to these updated packages, which
    contain Wireshark version 1.0.6, and resolve these issues. All running
    instances of Wireshark must be restarted for the update to take
    effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-April/015800.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?08f2711c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-April/015801.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?18722f83"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-March/015651.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8e0ec61c"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-March/015652.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?368d19bc"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-March/015656.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d5878e1f"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-March/015659.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?65ab81d3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected wireshark packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 119, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:wireshark-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/10/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"wireshark-1.0.6-EL3.3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"wireshark-gnome-1.0.6-EL3.3")) flag++;
    
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"wireshark-1.0.6-2.el4_7")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"wireshark-1.0.6-2.c4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"wireshark-1.0.6-2.el4_7")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"wireshark-gnome-1.0.6-2.el4_7")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"wireshark-gnome-1.0.6-2.c4")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"wireshark-gnome-1.0.6-2.el4_7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wireshark / wireshark-gnome");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200906-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200906-05 (Wireshark: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Wireshark: David Maciejak discovered a vulnerability in packet-usb.c in the USB dissector via a malformed USB Request Block (URB) (CVE-2008-4680). Florent Drouin and David Maciejak reported an unspecified vulnerability in the Bluetooth RFCOMM dissector (CVE-2008-4681). A malformed Tamos CommView capture file (aka .ncf file) with an
    last seen2020-06-01
    modified2020-06-02
    plugin id39580
    published2009-07-01
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39580
    titleGLSA-200906-05 : Wireshark: Multiple vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-0313.NASL
    descriptionFrom Red Hat Security Advisory 2009:0313 : Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-4683, CVE-2009-0599) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600) Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.6, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id67809
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67809
    titleOracle Linux 3 / 4 / 5 : wireshark (ELSA-2009-0313)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-0313.NASL
    descriptionUpdated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2008-4683, CVE-2009-0599) Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600) Users of wireshark should upgrade to these updated packages, which contain Wireshark version 1.0.6, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id35772
    published2009-03-05
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35772
    titleRHEL 3 / 4 / 5 : wireshark (RHSA-2009:0313)

Oval

  • accepted2013-08-19T04:05:06.301-04:00
    classvulnerability
    contributors
    • nameChandan S
      organizationSecPod Technologies
    • nameShane Shaffer
      organizationG2, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    definition_extensions
    commentWireshark is installed on the system.
    ovaloval:org.mitre.oval:def:6589
    descriptionThe WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
    familywindows
    idoval:org.mitre.oval:def:6223
    statusaccepted
    submitted2009-04-02T10:31:31
    titleWireshark Denial of Service Vulnerability
    version7
  • accepted2013-04-29T04:20:50.613-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionThe WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
    familyunix
    idoval:org.mitre.oval:def:9629
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleThe WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors.
    version27

Redhat

advisories
rhsa
idRHSA-2009:0313
rpms
  • wireshark-0:1.0.6-2.el4_7
  • wireshark-0:1.0.6-2.el5_3
  • wireshark-0:1.0.6-EL3.3
  • wireshark-debuginfo-0:1.0.6-2.el4_7
  • wireshark-debuginfo-0:1.0.6-2.el5_3
  • wireshark-debuginfo-0:1.0.6-EL3.3
  • wireshark-gnome-0:1.0.6-2.el4_7
  • wireshark-gnome-0:1.0.6-2.el5_3
  • wireshark-gnome-0:1.0.6-EL3.3