CVE-2009-1268 – Wireshark CHAP dissector crash
https://notcve.org/view.php?id=CVE-2009-1268
The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet. Vulnerabilidad en el analizador del protocolo Check Point High-Availability Protocol (CPHAP) de Wireshark desde la versión v0.0.6 hasta la v1.0.6 permite a usuarios remotos causar una denegación de servicio (caída del servicio) a través de un paquete FWHA_MY_STATE modificado. • http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/34778 http://secunia.com/advisories/34970 http://secunia.com/advisories/35133 http://secunia.com/advisories/35224 http://secunia.com/advisories/35416 http://secunia.com/advisories/35464 http://secunia.com/advisories/37477 http://wiki.rpath.com/Advisories:rPSA-2009-0062 http://www.debian.org/security/2009/dsa-1785 http://www.debian.org/security/2009/dsa-1942 http:// • CWE-20: Improper Input Validation •
CVE-2009-1210 – Wireshark 1.0.6 - PN-DCP Format String (PoC)
https://notcve.org/view.php?id=CVE-2009-1210
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de cadena de formato en el disector PROFINET/DCP (PN-DCP) en Wireshark versión 1.0.6 y anteriores, permite a los atacantes remotos ejecutar código arbitrario por medio de un paquete PN-DCP con especificadores de cadena de formato en el nombre station. NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • https://www.exploit-db.com/exploits/8308 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/34542 http://secunia.com/advisories/34778 http://secunia.com/advisories/34970 http://secunia.com/advisories/35133 http://secunia.com/advisories/35224 http://secunia.com/advisories/35416 http://secunia.com/advisories/35464 http://wiki.rpath.com/Advisories:rPSA-2009-0062 http://www.debian.org/security/2009/dsa-1785 http://www.m • CWE-134: Use of Externally-Controlled Format String •
CVE-2008-6472 – wireshark: DoS vulnerability in WLCCP dissector
https://notcve.org/view.php?id=CVE-2008-6472
The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors. El disector WLCCP en Wireshark 0.99.7 hasta la versión 1.0.4 permite a atacantes remotos provocar una denegación de servicio (con un bucle infinito) a través de vectores no especificados. • http://secunia.com/advisories/32840 http://secunia.com/advisories/34144 http://www.mandriva.com/security/advisories?name=MDVSA-2008:242 http://www.redhat.com/support/errata/RHSA-2009-0313.html http://www.wireshark.org/security/wnpa-sec-2008-07.html https://exchange.xforce.ibmcloud.com/vulnerabilities/47292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9629 https:/ • CWE-399: Resource Management Errors •
CVE-2009-0601
https://notcve.org/view.php?id=CVE-2009-0601
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. Una vulnerabilidad de formato de cadena en Wireshark 0.99.8 a 1.0.5 sobre plataformas No-Windows permite a usuarios locales provocar una denegación de servicio (con cuelgue de la aplicacion) a través de especificadores de formato de cadena en la variable de entorno HOME. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/34264 http://wiki.rpath.com/Advisories:rPSA-2009-0040 http://www.securityfocus.com/archive/1/501763/100/0/threaded http://www.securityfocus.com/bid/33690 http://www.securitytracker.com/id?1021697 http://www.vupen.com/english/advisories/2009/0370 http://www.wireshark.org/security/wnpa-sec-2009-01.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150 https://issue • CWE-134: Use of Externally-Controlled Format String •
CVE-2009-0599 – wireshark: buffer overflows in NetScreen snoop file reader
https://notcve.org/view.php?id=CVE-2009-0599
Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. Desbordamiento de búfer en wiretap/netscreen.c en Wireshark v0.99.7 hasta v1.0.5 permite a usuarios remotos asistidos por usuarios locales, provocar una denegación de servicio (caída de la aplicación) a través de un fichero snoop NetScreen mal formado. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://osvdb.org/51815 http://secunia.com/advisories/33872 http://secunia.com/advisories/34144 http://secunia.com/advisories/34264 http://secunia.com/advisories/34344 http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm http://wiki.rpath.com/Advisories:rPSA-2009-0040 http://www.redhat.com/support/errata/RHSA-2009-0313.html http://www.securityfocus.com/archive/1/501763/100/0/threaded http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •