Thursday, May 28, 2009

CERT-In Vulnerability Note CIVN-2009-64

Wireshark Denial of Service Vulnerability
http://www.cert-in.org.in/vulnerability/civn-2009-64.htm

Original Issue Date: May 28, 2009

Severity Rating: Medium

Affected Software

    * Wireshark versions 0.8.20 to 1.0.7

Overview

A vulnerability has been reported in Wireshark versions 0.8.20 to 1.0.7
which could be exploited by remote attackers to cause a Denial of Service
condition on systems running an affected version of the application.

Description

This vulnerability is caused by an error in the PCNFSD dissector, which an
attacker can exploit to crash the application (Denial of Service). Remote
attackers can exploit it by tricking a user into reading a maliciously
crafted PCNFSD packet.

Solution

Upgrade to Wireshark 1.0.8.
http://www.wireshark.org/
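
One way to check an installed version against the affected range above, as an
added example that is not part of the CERT-In advisory or of Wireshark. It
assumes the version banner contains a MAJOR.MINOR.PATCH token; the function
names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CERT-In or Wireshark code): classify a Wireshark version
# against this advisory. Affected: 0.8.20 through 1.0.7; fixed in 1.0.8.

# extract_version (hypothetical helper): print the first MAJOR.MINOR.PATCH
# token found in a version banner, or nothing if there is none.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# civn_2009_64_status (hypothetical helper): print "affected", "not-affected"
# or "unknown". Fields are compared numerically, so 1.0.10 sorts after 1.0.7;
# a plain string comparison would get that wrong.
# Assumption: each version field is below 1000.
civn_2009_64_status() {
    printf '%s\n' "$1" | awk -F. '
        function key(a, b, c) { return a * 1000000 + b * 1000 + c }
        /^[0-9]+\.[0-9]+\.[0-9]+$/ {
            k = key($1, $2, $3)
            if (k >= key(0, 8, 20) && k <= key(1, 0, 7)) print "affected"
            else print "not-affected"
            done = 1
        }
        END { if (!done) print "unknown" }'
}

# Constructed sample banners, written in the style of a version banner line.
for banner in "TShark 1.0.7" "TShark 1.0.8" "TShark 0.99.6" "TShark 1.0.10"; do
    v=$(extract_version "$banner")
    printf '%s -> %s\n' "$v" "$(civn_2009_64_status "$v")"
done
```

An "unknown" result means the string was not a three-field numeric version and should be checked by hand.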

Vendor Information

Wireshark
http://www.wireshark.org/security/wnpa-sec-2009-03.html

References

SecurityFocus
http://www.securityfocus.com/bid/35081

Secunia
http://secunia.com/advisories/35201/

VUPEN Security
http://www.vupen.com/english/advisories/2009/1408

SecurityTracker
http://securitytracker.com/alerts/2009/May/1022274.html

CWE Name
CWE-399

Disclaimer

The information provided herein is on an "as is" basis, without warranty of
any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in

