Boletines de Vulnerabilidades |
Múltiples vulnerabilidades en Wireshark |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Denegación de Servicio |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricant afectat | GNU/Linux |
| Software afectado | Wireshark 0.7.9 - 0.99.2 |
Descripción |
|
|
Se han descubierto múltiples vulnerabilidades en las versiones que van desde la 0.7.9 a la 0.99.2 de Wireshark. Las vulnerabilidades son descritas a continuación. - CVE-2006-4330: Vulnerabilidad en el manejo SCSI. La explotación de esta vulnerabilidad podría permitir provocar un denegación de servicio de Wireshark. - CVE-2006-4331: Vulnerabilidad en el soporte para encriptación ESP puede provocar desbordamientos de búfer de un byte cuando la preferencia Ipsec ESP se activa. - CVE-2006-4332: Vulnerabilidad en el manejo del protocolo DHCP en las versiones de Windows de Wireshark. La explotación de esta vulnerabilidad podría permitir provocar un denegación de servicio de Wireshark. - CVE-2006-4333: Vulnerabilidad en el manejo del protocolo SSCOP cuando se configura un rango de puertos y se configura como payload el protocolo Q.2931. La explotación de esta vulnerabilidad podría permitir provocar un denegación de servicio de Wireshark. |
|
Solución |
|
|
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software Wireshark Wireshark 0.99.3 http://www.wireshark.org/download.html Mandriva Linux Mandrivalinux 2006 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libwireshark0-0.99.3a-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/tshark-0.99.3a-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/wireshark-0.99.3a-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/wireshark-tools-0.99.3a-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/wireshark-0.99.3a-0.1.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64wireshark0-0.99.3a-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/tshark-0.99.3a-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/wireshark-0.99.3a-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/wireshark-tools-0.99.3a-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/wireshark-0.99.3a-0.1.20060mdk.src.rpm Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.dsc http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.diff.gz http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_amd64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_amd64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_amd64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_amd64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_sparc.deb Red Hat Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) Red Hat Linux Advanced Workstation 2.1 Itanium https://rhn.redhat.com/ |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE |
CVE-2006-4330 CVE-2006-4331 CVE-2006-4332 CVE-2006-4333 |
| BID | |
Recursos adicionales |
|
|
Wireshark Security Advisory wnpa-sec-2006-02 http://www.wireshark.org/security/wnpa-sec-2006-02.html Debian Security Advisory (DSA 1171-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00261.html Red Hat Security Advisory (RHSA-2006:0658-14) https://rhn.redhat.com/errata/RHSA-2006-0658.html |
|
Histórico de versiones |
||
| Versión | Comentario | Data |
| 1.0 | Aviso emitido | 2006-08-28 |
| 1.1 | Aviso emitido por Debian (DSA 1171-1) | 2006-09-08 |
| 1.2 | Aviso emitido por Red Hat (RHSA-2006:0658-14) | 2006-09-13 |