Wireshark SSH Dissector Infinite Loop DoS

2006-07-17T10:03:49
ID OSVDB:27370
Type osvdb
Reporter Ilja van Sprundel()
Modified 2006-07-17T10:03:49

Description

Vulnerability Description

The Wireshark SSH dissector contains a flaw that may allow a remote denial of service. The issue is triggered by a malformed packet or trace file, and will result in loss of availability for the application.

Solution Description

Upgrade to version 0.99.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

The Wireshark SSH dissector contains a flaw that may allow a remote denial of service. The issue is triggered by a malformed packet or trace file, and will result in loss of availability for the application.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:21078 Secunia Advisory ID:21598 Secunia Advisory ID:21107 Secunia Advisory ID:21204 Secunia Advisory ID:21249 Secunia Advisory ID:21488 Secunia Advisory ID:21467 Secunia Advisory ID:22089 Related OSVDB ID: 27361 Related OSVDB ID: 27362 Related OSVDB ID: 27364 Related OSVDB ID: 27369 Related OSVDB ID: 27360 Related OSVDB ID: 27363 Related OSVDB ID: 27366 Related OSVDB ID: 27367 Related OSVDB ID: 27368 Related OSVDB ID: 27371 Related OSVDB ID: 27365 RedHat RHSA: RHSA-2006:0602 Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:128 Keyword: formerly ethereal Keyword: wnpa-sec-2006-01 ISS X-Force ID: 27829 CVE-2006-3631 Bugtraq ID: 19051