CVE-2008-3140 – Wireshark 1.0.0 - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-3140
The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet." El analizador syslog de Wireshark (formerly Ethereal) 1.0.0, permite a atacantes remotos provocar una denegación de servicio (caída de apliación) a través de vectores no conocidos, posiblemente esté relacionada con un “paquete incompleto SS7 MSU syslog encapsulado”. • https://www.exploit-db.com/exploits/32006 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212 http://www.securityfocus.com/archive/1/4 •
CVE-2008-3139
https://notcve.org/view.php?id=CVE-2008-3139
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. El analizador RTMPT en Wireshark (anteriormente Ethereal) 0.99.8 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores desconocidos. NOTA: esto puede ser debido a un eror "user-after-free" (uso después de liberación). • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212 http://www.securityfocus.com/archive/1/493882/100/0/threaded http://www.securityfocus • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-3137 – wireshark: crash in the GSM SMS dissector
https://notcve.org/view.php?id=CVE-2008-3137
The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. El analizador GSM SMS en Wireshark (anteriormente Ethereal) 0.99.2 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http:& • CWE-20: Improper Input Validation •
CVE-2008-1562 – Wireshark 0.99.8 - LDAP Dissector Denial of Service
https://notcve.org/view.php?id=CVE-2008-1562
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. El analizador LDAP en Wireshark (anteriormente Ethereal) de 0.99.2 a 0.99.8 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete mal formado, una vulnerabilidad distinta a CVE-2006-5740. • https://www.exploit-db.com/exploits/31553 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29569 http://secunia.com/advisories/29622 http://secunia.com/advisories/29695 http://secunia.com/advisories/29736 http://secunia.com/advisories/29971 http://secunia.com/advisories/32091 http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138 http://www.gentoo.org/security/ • CWE-20: Improper Input Validation •
CVE-2008-1561 – Wireshark 0.99.8 - X.509sat Dissector Denial of Service
https://notcve.org/view.php?id=CVE-2008-1561
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang. Múltiples vulnerabilidades no especificadas en Wireshark (anteriormente Ethereal) de 0.99.5 a 0.99.8 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un paquete mal formado a los analizadores(1) X.509sat o (2) Roofnet. NOTA: el vector 2 podría llevar también a un cuelgue. • https://www.exploit-db.com/exploits/31552 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29569 http://secunia.com/advisories/29622 http://secunia.com/advisories/29695 http://secunia.com/advisories/29736 http://secunia.com/advisories/29971 http://secunia.com/advisories/32091 http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0138 http://www.gentoo.org/security/ •