CVE-2009-1266
https://notcve.org/view.php?id=CVE-2009-1266
Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors. Vulnerabilidad inespecífica en Wireshark anteriores a v1.0.7-0.1-1 tiene un impacto y vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/34778 http://secunia.com/advisories/35416 http://wiki.rpath.com/Advisories:rPSA-2009-0062 http://www.securityfocus.com/archive/1/502745/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/50334 •
CVE-2009-1210 – Wireshark 1.0.6 - PN-DCP Format String (PoC)
https://notcve.org/view.php?id=CVE-2009-1210
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de cadena de formato en el disector PROFINET/DCP (PN-DCP) en Wireshark versión 1.0.6 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un paquete PN-DCP con especificadores de cadena de formato en el nombre station. NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • https://www.exploit-db.com/exploits/8308 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/34542 http://secunia.com/advisories/34778 http://secunia.com/advisories/34970 http://secunia.com/advisories/35133 http://secunia.com/advisories/35224 http://secunia.com/advisories/35416 http://secunia.com/advisories/35464 http://wiki.rpath.com/Advisories:rPSA-2009-0062 http://www.debian.org/security/2009/dsa-1785 http://www.m • CWE-134: Use of Externally-Controlled Format String •
CVE-2008-5285 – wireshark: DoS (infinite loop) in SMTP dissector via large SMTP request
https://notcve.org/view.php?id=CVE-2008-5285
Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. Wireshark 1.0.4 y anteriores permite a atacantes remotos causar una denegación de servicio a través de una petición SMTP demasiado larga, lo que ocasiona un bucle infinito. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html http://secunia.com/advisories/32840 http://secunia.com/advisories/34144 http://securityreason.com/securityalert/4663 http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm http://wiki.rpath.com/Advisories:rPSA-2008-0336 http://www.mandriva.com/security/advisories?name=MDVSA-2008:242 http://www.openwall.com/lists/oss-security/2008/11/24/1 http://www.redhat.com/support/errata/RHSA-2009-0313.html h • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2008-1072 – wireshark: TFTP dissector crash
https://notcve.org/view.php?id=CVE-2008-1072
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. El TFTP dissector en Wireshark (antes Ethereal) de la v.0.6.0 a la v.0.99.7 ejecutado sobre Ubuntu 7.10, permite a atacantes remotos causar una denegación de servicio (caída o consumo de memoria) a través de un paquete defectuoso, posiblemente en relación al bug de la biblioteca Cairo. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/29156 http://secunia.com/advisories/29188 http://secunia.com/advisories/29223 http://secunia.com/advisories/29242 http://secunia.com/advisories/29511 http://secunia.com/advisories/29736 http://secunia.com/advisories/32091 http://security.gentoo.org/glsa/glsa-200803-32.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA& •
CVE-2008-1071 – wireshark: SNMP dissector crash
https://notcve.org/view.php?id=CVE-2008-1071
The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. El analizador SNMP de Wireshark (anteriormente Ethereal) 0.99.6 hasta 0.99.7, permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete mal formado. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/29156 http://secunia.com/advisories/29188 http://secunia.com/advisories/29223 http://secunia.com/advisories/29242 http://secunia.com/advisories/29511 http://secunia.com/advisories/29736 http://secunia.com/advisories/32091 http://security.gentoo.org/glsa/glsa-200803-32.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA& • CWE-399: Resource Management Errors •