Vulnerability Bulletins |
Múltiples vulnerabilidades en Wireshark |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Denegación de Servicio |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | Wireshark 0.7.9 - 0.99.2 |
Description |
|
|
Se han descubierto múltiples vulnerabilidades en las versiones que van desde la 0.7.9 a la 0.99.2 de Wireshark. Las vulnerabilidades son descritas a continuación. - CVE-2006-4330: Vulnerabilidad en el manejo SCSI. La explotación de esta vulnerabilidad podría permitir provocar un denegación de servicio de Wireshark. - CVE-2006-4331: Vulnerabilidad en el soporte para encriptación ESP puede provocar desbordamientos de búfer de un byte cuando la preferencia Ipsec ESP se activa. - CVE-2006-4332: Vulnerabilidad en el manejo del protocolo DHCP en las versiones de Windows de Wireshark. La explotación de esta vulnerabilidad podría permitir provocar un denegación de servicio de Wireshark. - CVE-2006-4333: Vulnerabilidad en el manejo del protocolo SSCOP cuando se configura un rango de puertos y se configura como payload el protocolo Q.2931. La explotación de esta vulnerabilidad podría permitir provocar un denegación de servicio de Wireshark. |
|
Solution |
|
|
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software Wireshark Wireshark 0.99.3 http://www.wireshark.org/download.html Mandriva Linux Mandrivalinux 2006 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libwireshark0-0.99.3a-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/tshark-0.99.3a-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/wireshark-0.99.3a-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/wireshark-tools-0.99.3a-0.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/wireshark-0.99.3a-0.1.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64wireshark0-0.99.3a-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/tshark-0.99.3a-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/wireshark-0.99.3a-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/wireshark-tools-0.99.3a-0.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/wireshark-0.99.3a-0.1.20060mdk.src.rpm Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.dsc http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.diff.gz http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_alpha.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_amd64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_amd64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_amd64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_amd64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_arm.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_hppa.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_i386.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_ia64.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_m68k.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mips.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mipsel.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_powerpc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_s390.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_sparc.deb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_sparc.deb Red Hat Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) Red Hat Linux Advanced Workstation 2.1 Itanium https://rhn.redhat.com/ |
|
Standar resources |
|
| Property | Value |
| CVE |
CVE-2006-4330 CVE-2006-4331 CVE-2006-4332 CVE-2006-4333 |
| BID | |
Other resources |
|
|
Wireshark Security Advisory wnpa-sec-2006-02 http://www.wireshark.org/security/wnpa-sec-2006-02.html Debian Security Advisory (DSA 1171-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00261.html Red Hat Security Advisory (RHSA-2006:0658-14) https://rhn.redhat.com/errata/RHSA-2006-0658.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-08-28 |
| 1.1 | Aviso emitido por Debian (DSA 1171-1) | 2006-09-08 |
| 1.2 | Aviso emitido por Red Hat (RHSA-2006:0658-14) | 2006-09-13 |