Multiple security vulnerabilities have been identified in the Wireshark software package. They allow a remote attacker to carry out a denial-of-service (DoS) attack or execute arbitrary code.
Package:
wireshark 1.x
Operating systems:
Oracle Solaris 11 Express
Criticality:
10
Problem:
error in a program function, error in a program component, buffer overflow
Oracle Solaris Wireshark Denial of Service and Buffer Overflow Vulnerabilities
Secunia Advisory SA47640
Release Date 2012-01-19
Criticality level Highly critical
Impact DoS
System access
Where From remote
Solution Status Vendor Patch
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
Operating System
Oracle Solaris 11 Express
CVE Reference(s) CVE-2010-4538
CVE-2011-0444
CVE-2011-1590
CVE-2011-2698
Description
Oracle has acknowledged multiple vulnerabilities in Wireshark included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
For more information:
SA42767
SA44172 (#1)
SA45086 (#2)
Solution
Apply the 7012174, 7038523, and 7068994 patches.
Original Advisory
Oracle:
http://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities1
http://blogs.oracle.com/sunsecurity/entry/cve_2011_2698_denial_of
http://blogs.oracle.com/sunsecurity/entry/cve_2011_1590_denial_of