Wireshark HTTP Dissector Unspecified DoS

2006-10-27T04:18:53
ID OSVDB:30068
Type osvdb
Reporter OSVDB
Modified 2006-10-27T04:18:53

Description

Vulnerability Description

The Wireshark HTTP dissector contains a flaw that may allow a remote denial of service. The issue is triggered by a malformed packet or trace file, and will result in loss of availability for the application.

Solution Description

Upgrade to version 0.99.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A vulnerability exists in the Wireshark HTTP dissector which could allow an attacker to remotely trigger a denial of service.

References:

Vendor Specific News/Changelog Entry: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1079 Vendor Specific News/Changelog Entry: http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1050 Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:22590 Secunia Advisory ID:22672 Secunia Advisory ID:22929 Secunia Advisory ID:23096 Secunia Advisory ID:22659 Secunia Advisory ID:22692 Secunia Advisory ID:22797 Secunia Advisory ID:22841 Related OSVDB ID: 30069 Related OSVDB ID: 30070 Related OSVDB ID: 30073 Related OSVDB ID: 30072 Related OSVDB ID: 30071 RedHat RHSA: RHSA-2006:0726 CVE-2006-5468 CVE-29840 Bugtraq ID: 20762