CVE-2009-1266
https://notcve.org/view.php?id=CVE-2009-1266
Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors. Vulnerabilidad inespecífica en Wireshark anteriores a v1.0.7-0.1-1 tiene un impacto y vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/34778 http://secunia.com/advisories/35416 http://wiki.rpath.com/Advisories:rPSA-2009-0062 http://www.securityfocus.com/archive/1/502745/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/50334 •
CVE-2009-1210 – Wireshark 1.0.6 - PN-DCP Format String (PoC)
https://notcve.org/view.php?id=CVE-2009-1210
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de cadena de formato en el disector PROFINET/DCP (PN-DCP) en Wireshark versión 1.0.6 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un paquete PN-DCP con especificadores de cadena de formato en el nombre station. NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • https://www.exploit-db.com/exploits/8308 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/34542 http://secunia.com/advisories/34778 http://secunia.com/advisories/34970 http://secunia.com/advisories/35133 http://secunia.com/advisories/35224 http://secunia.com/advisories/35416 http://secunia.com/advisories/35464 http://wiki.rpath.com/Advisories:rPSA-2009-0062 http://www.debian.org/security/2009/dsa-1785 http://www.m • CWE-134: Use of Externally-Controlled Format String •
CVE-2008-5285 – wireshark: DoS (infinite loop) in SMTP dissector via large SMTP request
https://notcve.org/view.php?id=CVE-2008-5285
Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop. Wireshark 1.0.4 y anteriores permite a atacantes remotos causar una denegación de servicio a través de una petición SMTP demasiado larga, lo que ocasiona un bucle infinito. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html http://secunia.com/advisories/32840 http://secunia.com/advisories/34144 http://securityreason.com/securityalert/4663 http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm http://wiki.rpath.com/Advisories:rPSA-2008-0336 http://www.mandriva.com/security/advisories?name=MDVSA-2008:242 http://www.openwall.com/lists/oss-security/2008/11/24/1 http://www.redhat.com/support/errata/RHSA-2009-0313.html h • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2008-3145 – wireshark: crash in the packet reassembling
https://notcve.org/view.php?id=CVE-2008-3145
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. La función fragment_add_work de epan/reassemble.c en Wireshark versiones 0.8.19 hasta la 1.0.1, permite a atacantes remotos provocar una denegación de servicio (caída) a través de series de paquetes fragmentados con valores de desplazamiento de fragmentación no secuencial, lo cual provoca una sobre-lectua del buffer. • http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31044 http://secunia.com/advisories/31085 http://secunia.com/advisories/31257 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020471 • CWE-20: Improper Input Validation •
CVE-2008-1070 – wireshark: SCTP dissector crash
https://notcve.org/view.php?id=CVE-2008-1070
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. El analizador SCTP de Wireshark (anteriormente Ethereal) de 0.99.5 a 0.99.7 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un paquete mal formado. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/29156 http://secunia.com/advisories/29188 http://secunia.com/advisories/29223 http://secunia.com/advisories/29242 http://secunia.com/advisories/29511 http://secunia.com/advisories/29736 http://secunia.com/advisories/32091 http://security.gentoo.org/glsa/glsa-200803-32.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA& •