Wireshark Security Vulnerabilities

Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in Wireshark versions 4.0.0 through 4.0.10, which stems from a...

CVE-2014-6603

The SSHParseBanner function in SSH parser app-layer-ssh.c in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service crash, or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write...

CVE-2014-6603

Suricata’s SSH banner parsing (SSHParseBanner in app-layer-ssh.c) is affected. In versions 2.0.3 and 2.1beta1, crafted banners can trigger a very large memory allocation or out-of-bounds access/write, allowing bypass of SSH rules and causing a denial-of-service (crash). A fix is available in Suri...

Fedora 20 : suricata-2.0.4-1.fc20 (2014-11462)

This update fixes a bug in the SSH parser, where a malformed banner could lead to evasion of SSH rules and missing log entries. In some cases it may also lead to a crash, CVE-2014-6603. Additionally, this release also addresses a new IPv6 issue that can lead to evasion. Note that Tenable Network...

Fedora 21 : suricata-2.0.4-1.fc21 (2014-11302)

This update fixes a bug in the SSH parser, where a malformed banner could lead to evasion of SSH rules and missing log entries. In some cases it may also lead to a crash, CVE-2014-6603. Additionally, this release also addresses a new IPv6 issue that can lead to evasion. Note that Tenable Network...