CVE-2008-3146 – wireshark: multiple buffer overflows in NCP dissector
https://notcve.org/view.php?id=CVE-2008-3146
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used. Múltiples desbordamientos de búfer en el archivo packet_ncp2222.inc en Wireshark (anteriormente Ethereal) versiones 0.9.7 hasta 1.0.2, permite a atacantes causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de un paquete NCP diseñado que causa que sea usado un puntero no válido. • http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31687 http://secunia.com/advisories/31864 http://secunia.com/advisories/31886 http://secunia.com/advisories/32028 http://secunia.com/advisories/32091 http://security.gentoo.org/glsa/glsa-200809-17.xml http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0278 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3145 – wireshark: crash in the packet reassembling
https://notcve.org/view.php?id=CVE-2008-3145
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read. La función fragment_add_work de epan/reassemble.c en Wireshark versiones 0.8.19 hasta la 1.0.1, permite a atacantes remotos provocar una denegación de servicio (caída) a través de series de paquetes fragmentados con valores de desplazamiento de fragmentación no secuencial, lo cual provoca una sobre-lectua del buffer. • http://anonsvn.wireshark.org/viewvc/index.py?view=rev&revision=25343 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/31044 http://secunia.com/advisories/31085 http://secunia.com/advisories/31257 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020471 • CWE-20: Improper Input Validation •
CVE-2008-3139
https://notcve.org/view.php?id=CVE-2008-3139
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. El analizador RTMPT en Wireshark (anteriormente Ethereal) 0.99.8 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores desconocidos. NOTA: esto puede ser debido a un eror "user-after-free" (uso después de liberación). • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212 http://www.securityfocus.com/archive/1/493882/100/0/threaded http://www.securityfocus • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-3137 – wireshark: crash in the GSM SMS dissector
https://notcve.org/view.php?id=CVE-2008-3137
The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors. El analizador GSM SMS en Wireshark (anteriormente Ethereal) 0.99.2 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http:& • CWE-20: Improper Input Validation •
CVE-2008-3138 – wireshark: unexpected exit in the PANA and KISMET dissectors
https://notcve.org/view.php?id=CVE-2008-3138
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. Los analizadores (1) PANA y (2) KISMET en Wireshark (conocido como Ethereal) de la 0.99.3 a la v1.0.0, permite a atacantes remotos provocar una denegación de servicio (parada de aplicación) a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30886 http://secunia.com/advisories/30942 http://secunia.com/advisories/31085 http://secunia.com/advisories/31378 http://secunia.com/advisories/31687 http://secunia.com/advisories/32091 http://secunia.com/advisories/32944 http://security.gentoo.org/glsa/glsa-200808-04.xml http://securitytracker.com/id?1020404 http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm http:& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •