CVE-2007-6121 – wireshark RPC Portmap flaws
https://notcve.org/view.php?id=CVE-2007-6121
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. Wireshark (formalmente Ethereal), desde la versión 0.8.16 a la 0.99.6, permite que atacantes remotos provoquen una denegación de servicio (por caída) usando paquetes RPC Portmap mal formados. • http://bugs.gentoo.org/show_bug.cgi?id=199958 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html http://secunia.com/advisories/27777 http://secunia.com/advisories/27817 http://secunia.com/advisories/28197 http://secunia.com/advisories/28207 http://secunia.com/advisories/28288 http://secunia.com/advisories/28304 http://secunia.com/advisories/28325 http://secunia.com/advisories/28564 http://secunia.com/advisories/28583 http://secunia.com/advisories/29048 • CWE-20: Improper Input Validation •
CVE-2007-3390 – Wireshark crashes when inspecting iSeries traffic
https://notcve.org/view.php?id=CVE-2007-3390
Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. Wireshark 0.99.5 y 0.10.x hasta 0.10.14, al ejecutarse en ciertos sistemas, permite a atacantes remotos provocar una denegación de servicio (caída) mediante ficheros capturados iSeries artesanales que provocan una SIGTRAP. • http://osvdb.org/37642 http://secunia.com/advisories/25833 http://secunia.com/advisories/25877 http://secunia.com/advisories/25987 http://secunia.com/advisories/26004 http://secunia.com/advisories/26499 http://secunia.com/advisories/28583 http://security.gentoo.org/glsa/glsa-200708-12.xml http://www.debian.org/security/2007/dsa-1322 http://www.mandriva.com/security/advisories?name=MDKSA-2007:145 http://www.novell.com/linux/security/advisories/2007_15_sr.html http:/ •
CVE-2007-3391 – Wireshark loops infinitely when inspecting DCP ETSI traffic
https://notcve.org/view.php?id=CVE-2007-3391
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. Wireshark 0.99.5 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) con un paquete DCP ETSI mal formado que provoca un bucle infinito. • http://osvdb.org/37641 http://secunia.com/advisories/25833 http://secunia.com/advisories/25987 http://secunia.com/advisories/26004 http://secunia.com/advisories/26499 http://secunia.com/advisories/28583 http://security.gentoo.org/glsa/glsa-200708-12.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:145 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.redhat.com/support/errata/RHSA-2007-0709.html http://www.redhat.com/support/e • CWE-20: Improper Input Validation •
CVE-2007-3392 – Wireshark crashes when inspecting MMS traffic
https://notcve.org/view.php?id=CVE-2007-3392
Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. Wireshark anterior a 0.99.6 permite a atacantes remotos provocar una denegación de servicio mediante paquetes (1) SSL o (2) MMS que provocan un bucle infinito. • http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582 http://secunia.com/advisories/25833 http://secunia.com/advisories/25877 http://secunia.com/advisories/25987 http://secunia.com/advisories/26004 http://secunia.com/advisories/26499 http://secunia.com/advisories/28583 http://security.gentoo.org/glsa/glsa-200708-12.xml http://www.debian.org/security/2007/dsa-1322 http://www.mandriva.com/security/advisories?name=MDKSA-2007:145 http://www.novell.com/linux/security/advis •
CVE-2007-3389 – Wireshark crashes when inspecting HTTP traffic
https://notcve.org/view.php?id=CVE-2007-3389
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. Wireshark anterior a 0.99.6 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una codificación manual por trozos (crafted chunked encoding) en una respuesta HTTP, posiblemente relacionado con un segmento de datos (payload) de longitud cero. • http://osvdb.org/37643 http://secunia.com/advisories/25833 http://secunia.com/advisories/25987 http://secunia.com/advisories/26004 http://secunia.com/advisories/26499 http://secunia.com/advisories/27592 http://secunia.com/advisories/28583 http://security.gentoo.org/glsa/glsa-200708-12.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:145 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.redhat.com/support/errata/RHSA-2007-0709.html • CWE-20: Improper Input Validation •